Skills
skills/resciencelab/opc-skills/producthunt/Gen Agent Trust Hub

producthunt

Warn

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: MEDIUMPROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION] (MEDIUM): Vulnerable to Indirect Prompt Injection via external Product Hunt content.
  • Ingestion points: scripts/get_post.py retrieves product descriptions; scripts/get_post_comments.py retrieves user comments.
  • Boundary markers: Absent. External content is printed directly into the agent's context without delimiters (e.g., XML tags) or instructions to ignore embedded commands.
  • Capability inventory: The skill provides read-only access to Product Hunt data and does not possess destructive capabilities like file writing or arbitrary command execution. However, poisoned content could influence the agent's subsequent reasoning or tool use.
  • Sanitization: Absent. Data is truncated but not sanitized for instruction-like patterns.
  • [DATA_EXFILTRATION] (LOW): Performs network requests to an external API.
  • Evidence: scripts/producthunt_api.py uses urllib.request to communicate with api.producthunt.com. This is consistent with the skill's stated purpose and targets a legitimate domain.
  • [CREDENTIALS_UNSAFE] (SAFE): Correctly handles API credentials.
  • Evidence: scripts/credential.py retrieves the PRODUCTHUNT_ACCESS_TOKEN from environment variables. No hardcoded secrets were found in the code.
Audit Metadata
Risk Level
MEDIUM
Analyzed
Feb 16, 2026, 10:08 AM