Skills
skills/rshankras/claude-code-apple-skills/product-development/Gen Agent Trust Hub

product-development

Pass

Audited by Gen Agent Trust Hub on Feb 22, 2026

Risk Level: SAFEPROMPT_INJECTION
Full Analysis
  • [Indirect Prompt Injection] (LOW): The skill utilizes tools that ingest untrusted data, creating a potential vector for instructions embedded in external content to manipulate the agent's output or actions.
  • Ingestion points: The skill uses WebFetch and WebSearch to pull data from the internet and Read to access local files.
  • Boundary markers: There are no explicit instructions or delimiters defined to treat external data as untrusted or to ignore embedded natural language commands.
  • Capability inventory: The skill has Write permissions, allowing it to persist potentially malicious data to the local filesystem, and WebSearch capabilities that could be abused for data exfiltration if the agent is coerced by a malicious website.
  • Sanitization: No sanitization or validation logic is present to filter content before it is processed by the agent or written to files.
Audit Metadata
Risk Level
SAFE
Analyzed
Feb 22, 2026, 10:27 AM