pm-spec
Pass
Audited by Gen Agent Trust Hub on Apr 29, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: No security issues detected. The skill's primary function is text and HTML generation for product management tasks.
- [PROMPT_INJECTION]: The instructions focus on structured data extraction and formatting without any attempt to override system prompts or bypass safety guidelines.
- [DATA_EXFILTRATION]: No network access or unauthorized file system traversal is requested. The skill correctly limits its context to the user's brief and a local DESIGN.md file.
- [REMOTE_CODE_EXECUTION]: The skill does not download external scripts, execute dynamic code, or use package managers. It relies on static HTML/CSS templates for generating output artifacts.
Audit Metadata