Skills
skills/siyuqian/devpilot/devpilot-product-research/Gen Agent Trust Hub

devpilot-product-research

Pass

Audited by Gen Agent Trust Hub on May 2, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: Fetches market and competitor data from the internet via WebSearch tools to provide analysis on user pain points and trends.
  • [COMMAND_EXECUTION]: Uses git commands (git add, git commit) to stage and record research findings and rejected ideas to the local repository.
  • [PROMPT_INJECTION]: Ingests untrusted content from the web which is then used to synthesize product recommendations, creating a surface for indirect prompt injection.
  • Ingestion points: WebSearch results processed by parallel sub-agents in SKILL.md.
  • Boundary markers: Not explicitly implemented for the interpolated web data.
  • Capability inventory: File write access to the docs/ directory and git execution for committing changes.
  • Sanitization: No explicit sanitization or filtering of external content before processing in the synthesis phase.
Audit Metadata
Risk Level
SAFE
Analyzed
May 2, 2026, 10:24 AM