product-manager-toolkit
Warn
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: MEDIUM (PROMPT_INJECTION, COMMAND_EXECUTION)
Full Analysis
- [PROMPT_INJECTION] (MEDIUM): The skill is vulnerable to Indirect Prompt Injection (Category 8) due to its core workflow of processing external, untrusted data.
- Ingestion points: The customer_interview_analyzer.py script reads interview.txt (transcripts), and rice_prioritizer.py reads features.csv (user/customer feedback).
- Boundary markers: None. There are no instructions or delimiters defined to prevent the agent from obeying malicious instructions embedded within interview transcripts or feature descriptions.
- Capability inventory: The skill executes local Python scripts and generates outputs that influence critical business decisions, roadmap generation, and PRD creation.
- Sanitization: None observed. The markdown does not specify any sanitization or validation of the input text before analysis.
- [COMMAND_EXECUTION] (LOW): The skill's primary interface involves executing local Python scripts using python3. While this is standard for agent skills, users must ensure the provided scripts (rice_prioritizer.py, etc.) are from a trusted source, as they are executed with the user's local permissions.