product-manager-toolkit
Warn
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: MEDIUM
PROMPT_INJECTION
Full Analysis
- [Indirect Prompt Injection] (MEDIUM): The skill is susceptible to indirect prompt injection via the processing of untrusted external content.
  - Ingestion points: The skill ingests user-provided text transcripts and CSV files through scripts like `customer_interview_analyzer.py` and `rice_prioritizer.py`.
  - Boundary markers: There are no specified delimiters or instructions to ignore embedded commands within the processed data.
  - Capability inventory: The NLP analysis directly informs strategic decisions, roadmap planning, and feature synthesis, meaning injected instructions could manipulate agent output.
  - Sanitization: No mention of input sanitization, filtering, or validation is provided in the documentation.
- [Unverifiable Dependencies] (LOW): The skill manifest is incomplete regarding technical requirements.
  - Evidence: The tech-stack mentions 'NLP sentiment analysis' and Python 3.8+ but the YAML `dependencies` section is empty, failing to list the specific libraries (e.g., NLTK, spaCy) required for operation.
Audit Metadata