product
Pass
Audited by Gen Agent Trust Hub on Feb 19, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- Indirect Prompt Injection (LOW): The skill reads from potentially untrusted local files (e.g., README.md) to generate suggestions and documentation. This creates a surface where instructions embedded in those files could influence the agent.
  - Ingestion points: README.md, package.json, pyproject.toml, go.mod, and Cargo.toml.
  - Boundary markers: Absent; the instructions do not explicitly tell the agent to ignore instructions found within project files.
  - Capability inventory: Execution of 'ls' for file discovery and creation of 'PRODUCT.md'.
  - Sanitization: Absent; text is extracted directly for context.
- Command Execution (SAFE): The skill uses basic shell commands (ls) for environment discovery and file checking. These are statically defined and do not involve unsafe user input interpolation.