Skills
skills/shining319/claude-code-single-person-workflow/product-manager/Gen Agent Trust Hub

product-manager

Fail

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: CRITICALPROMPT_INJECTIONNO_CODE
Full Analysis
  • [Indirect Prompt Injection] (LOW): The skill processes untrusted user requirements to generate documentation, presenting an indirect prompt injection surface. 1. Ingestion points: User requirements input (SKILL.md Step 1). 2. Boundary markers: Absent. 3. Capability inventory: File-write operations to the outputs/ directory (SKILL.md Step 5). 4. Sanitization: Absent.
  • [External Downloads] (SAFE): The automated scan flagged 'requirements.md' as a malicious URL, but this is a false positive triggered by a local filename. No actual remote downloads or execution patterns were identified.
  • [Data Exposure] (SAFE): No hardcoded credentials or access to sensitive system files (e.g., SSH keys, AWS configs) were detected within the skill files or templates.
Recommendations
  • Contains 1 malicious URL(s) - DO NOT USE
Audit Metadata
Risk Level
CRITICAL
Analyzed
Feb 17, 2026, 06:17 PM