product-manager
Pass
Audited by Gen Agent Trust Hub on Mar 8, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: No security issues detected. The skill uses a clear, instructional workflow to process user-provided requirement documents and apply a static Markdown template. There is no evidence of prompt injection, data exfiltration, or unauthorized command execution.
- [INDIRECT_PROMPT_INJECTION]: The skill is designed to process untrusted data from multiple formats (docx, pdf, images, etc.). While this is an ingestion surface for indirect prompt injection, the skill does not possess high-risk capabilities such as network access or shell execution that would allow a successful injection to perform malicious actions. The workflow includes a 'clarify before output' principle which serves as a manual verification step.
Audit Metadata