ai-native-product-building
Warn
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: MEDIUM (PROMPT_INJECTION, NO_CODE)
Full Analysis
- [Prompt Injection] (MEDIUM): The skill promotes the 'JIRA-Prompt' framework, which encourages ingesting untrusted external content to provide 'Data Context' for code generation.
- Ingestion points: Specifically mentions pasting 'raw data (e.g., LinkedIn bio, CSV rows)' and using 'Figma design URLs' as input sources in Section 1 and Step 1.
- Boundary markers: Absent. The framework does not instruct the agent or user to wrap this untrusted data in delimiters or provide instructions to the model to ignore embedded commands.
- Capability inventory: High. The instructions guide the creation of full-stack applications with functional databases (Supabase), authentication, and production deployment (Netlify/Vercel).
- Sanitization: Absent. There are no guidelines for sanitizing or validating the content of the data context before it is processed by the AI tool.
- [No Code] (INFO): This skill consists entirely of markdown documentation and YAML frontmatter. It contains no executable scripts, shell commands, or dependency manifests.