product-compound
Pass
Audited by Gen Agent Trust Hub on Mar 27, 2026
Risk Level: SAFE | COMMAND_EXECUTION | PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill defines a workflow where data from external files and user input is aggregated and written to AGENTS.md, which is documented as a file loaded by every session and every agent. This creates a persistent surface for indirect prompt injection.
  - Ingestion points: Processes data from .agents/products/.journal/.jsonl and docs/product-learnings/**/*.md.
  - Boundary markers: No explicit markers or instructions to ignore embedded instructions are provided for the managed section in AGENTS.md.
  - Capability inventory: The skill possesses the ability to write to AGENTS.md and execute shell commands via go run.
  - Sanitization: The instructions do not describe any sanitization or validation of the ingested content before it is persisted in the shared context file.
- [COMMAND_EXECUTION]: The skill invokes local Go scripts using the go run command, passing user-provided strings (such as titles and bodies) as command-line flags. This pattern carries a risk of command injection if the execution environment does not perform adequate escaping of shell metacharacters.