product-manager-toolkit
Warn
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: MEDIUM (PROMPT_INJECTION, COMMAND_EXECUTION)
Full Analysis
- [Indirect Prompt Injection] (MEDIUM): The `customer_interview_analyzer.py` script is designed to process untrusted external content from interview transcripts.
  - Ingestion points: The script reads from `interview_transcript.txt` and `interview.txt` as seen in the usage examples.
  - Boundary markers: Absent. The documentation does not provide instructions for the agent to use delimiters or ignore embedded instructions within transcripts.
  - Capability inventory: The script extracts feature requests, sentiment, and themes that directly influence product roadmaps and document creation.
  - Sanitization: Absent. No filtering or validation logic is mentioned for handling malicious input within transcripts.
- [Command Execution] (MEDIUM): The skill documentation explicitly instructs the agent to execute local Python scripts (`scripts/rice_prioritizer.py` and `scripts/customer_interview_analyzer.py`).
  - Evidence: Multiple execution commands are provided in `SKILL.md` (e.g., `python scripts/rice_prioritizer.py features.csv`).
  - Risk: Because the code for these scripts is not included in the skill definition, their actual operations cannot be verified, which is a concern for a toolkit intended to process business data.
Audit Metadata