Skills
skills/prorise-cool/prorise-claude-skills/product-specialist/Gen Agent Trust Hub

product-specialist

Pass

Audited by Gen Agent Trust Hub on Mar 16, 2026

Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
  • [PROMPT_INJECTION]: The skill contains an indirect prompt injection surface in the product feedback synthesis component.
  • Ingestion points: The agent is instructed to use WebFetch and Read to gather untrusted content from app store reviews, Reddit, and social media platforms in references/domains/misc/product-feedback-synthesizer.md.
  • Boundary markers: No explicit delimiters or instructions are provided to differentiate between system prompts and external data.
  • Capability inventory: The agent has access to Read, Write, Grep, WebFetch, and MultiEdit tools in references/domains/misc/product-feedback-synthesizer.md.
  • Sanitization: There is no defined process for validating or filtering ingested content.
  • [COMMAND_EXECUTION]: The skill uses local scripts for task automation and repository management.
  • Evidence: Deterministic Python scripts market-sizing.py and user-story-template.py are provided to generate calculation results and Markdown formatting.
  • Evidence: Maintenance shell scripts (e.g., scripts/add-a-skill.sh, scripts/test-a-skill.sh) are referenced in references/domains/product-management/skill-authoring-workflow/SKILL.md for administrative tasks.
  • [EXTERNAL_DOWNLOADS]: Certain components are designed to fetch data from external domains for research purposes.
  • Evidence: The trend-researcher and feedback-synthesizer agents are configured to retrieve information from public platforms like TikTok, YouTube, and various application marketplaces to identify market trends.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 16, 2026, 08:40 PM