product-thinker
Pass
Audited by Gen Agent Trust Hub on Mar 13, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection as it performs actions that ingest untrusted data from external web pages.
- Ingestion points: The agent is specifically directed in SKILL.md to explore live sites and competitor products using browser tools.
- Boundary markers: No specific delimiters or instructions are provided to help the agent distinguish its primary instructions from potentially malicious content found on external sites.
- Capability inventory: The skill possesses the ability to spawn sub-agents, access the local codebase (e.g., CLAUDE.md), and take screenshots of the browser environment.
- Sanitization: The skill lacks mechanisms for sanitizing or validating content retrieved from external URLs before processing it.
Audit Metadata