lean-startup
Pass
Audited by Gen Agent Trust Hub on Apr 4, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill consists entirely of Markdown documentation and instructional content. No executable code, scripts, or automation logic are present.
- [EXTERNAL_DOWNLOADS]: The skill includes informational links to the author's personal and business websites (jeremylongshore.com, tonsofskills.com, intentsolutions.io) and affiliate links to book recommendations on Amazon. These are standard external references for educational content and do not trigger any automated or malicious downloads.
- [INDIRECT_PROMPT_INJECTION]: The skill instructs the agent to analyze and score user-provided product plans and metrics. While this represents an ingestion point for untrusted data, the risk is negligible due to the absence of dangerous capabilities.
- Ingestion points: The agent processes user-supplied development plans, experiments, and metrics descriptions.
- Boundary markers: The instructions do not specify explicit delimiters (like XML tags or triple quotes) to separate user data from system instructions.
- Capability inventory: The skill is restricted to basic file system inspection tools (
Read,Glob,Grep). It does not have access to the network, shell execution, or sensitive environment credentials. - Sanitization: No sanitization of user-provided business data is performed, but the limited toolset prevents exploitation.
Audit Metadata