feature-availability
Pass
Audited by Gen Agent Trust Hub on Mar 1, 2026
Risk Level: SAFE
Full Analysis
- [PROMPT_INJECTION]: The skill is designed to process external 'signal content' (such as product updates or Slack messages) to extract feature names. This creates a surface for indirect prompt injection where malicious instructions embedded in the signals could attempt to influence agent behavior.
  - Ingestion points: Signal content processed during the 'Extract Feature Mentions' step in SKILL.md.
  - Boundary markers: The skill does not define specific delimiters or instructions to ignore embedded commands within the signal data.
  - Capability inventory: The skill utilizes posthog MCP tools for data retrieval and performs file system write operations to generate reports and maintain a local cache.
  - Sanitization: There is no evidence of sanitization or validation of the input signal content before processing.
- [COMMAND_EXECUTION]: The skill defines local file paths for report generation (e.g., pm-workspace-docs/status/) and caching. These are standard operations for the intended workflow and do not involve shell execution or elevated privileges.
- [CREDENTIALS_UNSAFE]: A hardcoded PostHog Project ID (81505) is present in the configuration. This is a non-sensitive identifier used to scope API queries and does not constitute a secret or credential exposure.
Audit Metadata