product-owner
Pass
Audited by Gen Agent Trust Hub on Mar 2, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill analyzes untrusted content from GitHub issue comments and pull request reviews to automatically identify blockers and risks, creating a surface for indirect prompt injection.\n
- Ingestion points: GitHub issues, pull requests, and comments fetched via MCP tools (SKILL.md).\n
- Boundary markers: No specific delimiters or instructions to ignore embedded commands are implemented for the external data being analyzed.\n
- Capability inventory: The skill has access to GitHub and contextd MCP tools for reading/writing project data and state.\n
- Sanitization: No input validation or sanitization of external text is defined in the instructions.\n- [COMMAND_EXECUTION]: The skill instructions include performing a local directory scan to identify relevant project repositories.\n
- Evidence: The skill specifies using 'ls ~/projects/fyrsmithlabs/' as a primary method for discovering local project paths.
Audit Metadata