product-manager

Pass

Audited by Gen Agent Trust Hub on Mar 2, 2026

Risk Level: SAFE | PROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill is instructed to triage external 'customer feedback beads', which serves as an ingestion point for untrusted data. The lack of boundary markers or sanitization instructions makes the agent vulnerable to indirect prompt injection (File: SKILL.md). This risk is compounded by the agent's broad permissions, which include reading project code, writing documentation, and accessing all other organizational skills.
  • Ingestion points: Feedback triage process (SKILL.md).
  • Boundary markers: None specified.
  • Capability inventory: Access to all skills, filesystem read (code), and filesystem write (docs).
  • Sanitization: None specified.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Mar 2, 2026, 05:37 AM