product-manager-toolkit
Warn
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: MEDIUM (PROMPT_INJECTION, COMMAND_EXECUTION)
Full Analysis
- Indirect Prompt Injection (MEDIUM): The skill processes untrusted external data which can be used to influence the agent's reasoning or output. This occurs when interview transcripts or feature lists contain embedded instructions intended to manipulate the PM analysis.
- Ingestion points: scripts/customer_interview_analyzer.py ingests untrusted text from interview_transcript.txt. scripts/rice_prioritizer.py ingests untrusted data from .csv files.
- Boundary markers: Absent. The documentation does not provide instructions for the agent to use delimiters or ignore embedded commands within the ingested data.
- Capability inventory: The skill executes local Python scripts to perform NLP-based synthesis and portfolio analysis. These outputs directly influence product strategy, roadmap generation, and requirement documentation.
- Sanitization: Absent. There is no evidence of content filtering or sanitization to prevent the agent from following instructions hidden within the input files.
- Command Execution (LOW): The skill documentation explicitly instructs the agent to execute local Python scripts (rice_prioritizer.py, customer_interview_analyzer.py) using the command line. While standard for this type of skill, it assumes the scripts themselves are safe and have not been tampered with.
Audit Metadata