product-manager
Pass
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: LOWNO_CODE
Full Analysis
- Prompt Injection (SAFE): The skill uses instructional role-play to define a 'Product Manager' persona. No instructions to bypass safety filters, disregard previous rules, or extract system prompts were detected.
- Data Exposure & Exfiltration (SAFE): There are no patterns involving sensitive file paths (e.g., credentials) or network calls to external domains. The skill operates entirely within the text context provided by the agent.
- Obfuscation (SAFE): No Base64, zero-width characters, homoglyphs, or other encoding techniques were found in any of the 11 Markdown files.
- Unverifiable Dependencies & Remote Code Execution (SAFE): The skill consists exclusively of documentation and templates; it contains no script files, package manifests, or commands to download/execute remote code.
- Indirect Prompt Injection (LOW): untrusted data enters via user requests in all files (Ingestion points); boundary markers are absent; the skill's capability inventory is limited to generating text and Mermaid diagrams, which presents no functional risk of exfiltration or command execution.
- Dynamic Execution (SAFE): No runtime code generation, unsafe deserialization, or library injection patterns were identified.
Audit Metadata