product-inventor
Pass
Audited by Gen Agent Trust Hub on Mar 9, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it ingests untrusted user data to drive its core logic and code generation outputs.
- Ingestion points: Untrusted data enters the agent context through command parameters in `SKILL.md`, specifically via `/invent [ideia/produto]`, `/diagnose [produto/descricao]`, and `/polish [tela/produto]`.
- Boundary markers: The instructions lack explicit delimiters or "ignore instructions" warnings to encapsulate and isolate user-provided product descriptions from the agent's internal logic.
- Capability inventory: Across its workflows, the skill generates complex project structures (folders and files), UI components, and business logic. It utilizes tools such as `claude-code`, `gemini-cli`, and `codex-cli` which have the capability to write to the file system and interact with external APIs based on the agent's derived plan.
- Sanitization: There is no evidence of sanitization, validation, or escaping of the user-provided descriptions before they are interpolated into the prompt or used to generate executable code.
Audit Metadata