product-manager
Pass
Audited by Gen Agent Trust Hub on Mar 21, 2026
Risk Level: SAFECOMMAND_EXECUTION
Full Analysis
- [COMMAND_EXECUTION]: The skill references local helper scripts (
scripts/analyze-market.shandscripts/generate-stories.sh) intended for automated market analysis and user story generation. - [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface due to its core function of processing untrusted data from user requirements and external market research.
- Ingestion points: Untrusted data enters the context via user-provided requirement descriptions and market research results gathered from the web.
- Boundary markers: No explicit delimiters or instructions are provided to the agent to treat external requirements as data distinct from instructions.
- Capability inventory: The skill includes the ability to execute shell scripts and generate formatted product documentation.
- Sanitization: The provided templates do not contain logic for sanitizing or validating external input before processing.
Audit Metadata