identify-assumptions-existing
Pass
Audited by Gen Agent Trust Hub on Mar 4, 2026
Risk Level: SAFENO_CODEPROMPT_INJECTIONEXTERNAL_DOWNLOADS
Full Analysis
- [NO_CODE]: This skill consists entirely of Markdown instructions and metadata. It does not contain any Python scripts, Node.js packages, or shell commands.
- [EXTERNAL_DOWNLOADS]: The skill provides links to external articles and resources on Product Compass (productcompass.pm). These are informational references for the user and do not involve the automated download or execution of remote code.
- [PROMPT_INJECTION]: The skill instructions direct the agent to process external user-provided data such as designs, PRDs, and research files. This creates a surface for indirect prompt injection.
- Ingestion points: $ARGUMENTS and user-provided files described in the context section.
- Boundary markers: Absent. The instructions do not specify delimiters or warnings to ignore embedded instructions within the ingested files.
- Capability inventory: None. The skill does not have access to subprocess execution, file system modification, or network requests.
- Sanitization: None detected in the prompt logic.
Audit Metadata