devpilot-pm
Pass
Audited by Gen Agent Trust Hub on May 2, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: No security issues detected. The skill implements a well-defined product research workflow using standard platform tools.
- [SAFE]: Data access is limited to the project's documentation folder (docs/) for caching research results and storing feature decisions. It does not attempt to access sensitive system files or credentials.
- [SAFE]: External activity is confined to research queries via the WebSearch tool. There is no evidence of data exfiltration or unauthorized network operations.
- [SAFE]: Indirect prompt injection risks are mitigated by a human-in-the-loop process; the agent presents research findings to the user and only records decisions after explicit user confirmation.
- [SAFE]: Git operations are restricted to staging and committing documentation files created by the skill, which is consistent with its role as a project management tool.
Audit Metadata