product-manager-toolkit

Pass

Audited by Gen Agent Trust Hub on Apr 15, 2026

Risk Level: SAFE, PROMPT_INJECTION
Full Analysis
  • [SAFE]: Extensive review of the Python scripts and documentation reveals no malicious patterns, hardcoded credentials, or obfuscated content. The scripts rely exclusively on the Python standard library.
  • [PROMPT_INJECTION]: The skill processes external data from transcript and CSV files, which constitutes a surface for indirect prompt injection.
    • Ingestion points: Untrusted data is read from files in scripts/customer_interview_analyzer.py (line 330) and scripts/rice_prioritizer.py (line 192).
    • Boundary markers: Absent; no specific markers are used to separate user data from agent instructions during processing.
    • Capability inventory: No dangerous capabilities (such as subprocess, network calls, or eval/exec) are present in the skill's code.
    • Sanitization: Absent; processed text is used directly for regex analysis without filtering for potential command patterns.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 15, 2026, 10:06 AM