product-vision-steering
Pass
Audited by Gen Agent Trust Hub on Apr 24, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection due to its reliance on untrusted external data from the project repository.
  - Ingestion points: The workflow instructs the agent to read manifest files such as package.json, pyproject.toml, and requirements.txt, and to scan the codebase directory structure and existing documentation.
  - Boundary markers: There are no defined boundary markers or instructions for the agent to ignore potentially malicious content or instructions embedded within the analyzed codebase files.
  - Capability inventory: The skill possesses the capability to write files to the local directory documentation/steering/ and publish content to external Confluence pages using Atlassian MCP tools.
  - Sanitization: The instructions do not specify any sanitization, validation, or escaping of the ingested data before it is processed into the steering document templates and published.
Audit Metadata