product-development
Pass
Audited by Gen Agent Trust Hub on Apr 1, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill exposes a surface for indirect prompt injection because it ingests untrusted data from the web to drive its analysis and documentation tasks.
- Ingestion points: External data enters the agent context via the "WebSearch" and "WebFetch" tools used in the "market-research", "competitive-analysis", "localization-strategy", and "idea-generator" modules.
- Boundary markers: The skill's instructions do not use delimiters or explicit "ignore embedded instructions" warnings around the data retrieved from external URLs.
- Capability inventory: The skill has permissions to write files to the local system and execute a specific CLI tool ("product-agent") using the "Bash" tool across several modules.
- Sanitization: There are no instructions for the agent to sanitize, escape, or validate content fetched from the web before using it to generate critical project documentation like the PRD or technical Architecture documents.