producthunt
Pass
Audited by Gen Agent Trust Hub on Feb 19, 2026
Risk Level: SAFE
Full Analysis
- [SAFE] (SAFE): The skill uses environment variables (`PH_API_TOKEN`) for authentication rather than hardcoding credentials.
- [COMMAND_EXECUTION] (SAFE): Uses `curl` to interact with the Product Hunt GraphQL API. This is the primary intended purpose of the skill and is implemented using standard parameters.
- [Indirect Prompt Injection] (LOW): The skill processes user-generated content from Product Hunt, such as product descriptions and comments, which constitutes a potential attack surface.
  - Ingestion points: API responses processed in `SKILL.md`.
  - Boundary markers: Absent; data is interpolated into the agent's output context without specific delimiters.
  - Capability inventory: Limited to `exec` with `curl` for API requests; no file-system write or arbitrary code execution capabilities identified.
  - Sanitization: None specified; the agent treats API output as data to be formatted.
Audit Metadata