ai-product
Pass
Audited by Gen Agent Trust Hub on Feb 15, 2026
Risk Level: LOWNO_CODE
Full Analysis
- [Prompt Injection] (SAFE): The skill sets a professional persona ('AI product engineer') but does not attempt to override system instructions or bypass safety filters. It actually explicitly warns against unsafe prompt practices.
- [Data Exposure & Exfiltration] (SAFE): No file system access, credential patterns, or network requests were found in the content.
- [Remote Code Execution] (SAFE): There are no commands or patterns associated with downloading or executing remote code.
- [No Code] (INFO): The skill consists entirely of markdown text. No scripts (Python, JS, Shell) or package manifests are present.
- [Indirect Prompt Injection] (SAFE): While the skill discusses handling untrusted user data, it is a static instructional file and does not implement a data ingestion surface that could be exploited.
Audit Metadata