product-owner
Pass
Audited by Gen Agent Trust Hub on Apr 5, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it incorporates data from untrusted local files into its processing flow while possessing significant capabilities.
- Ingestion points: The skill dynamically discovers and reads content from
docs/business-features/*/README.md,project-structure-reference.md, and other project documentation files using theGlobandReadtools. - Boundary markers: There are no defined delimiters or instructions to ignore potential commands within the ingested project documentation, allowing embedded instructions to potentially influence the agent's behavior.
- Capability inventory: The skill is configured to use powerful tools including
Write,Edit,Bash, andTaskCreateacross its operation files. - Sanitization: The instructions do not specify any validation, escaping, or sanitization of the content read from the project files before it is processed or used to generate new artifacts.
Audit Metadata