product-manager-toolkit
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH (PROMPT_INJECTION, COMMAND_EXECUTION, NO_CODE)
Full Analysis
- [PROMPT_INJECTION] (HIGH): Vulnerability to Indirect Prompt Injection through untrusted data processing.
  - Ingestion points: Data enters via 'interview_transcript.txt' and 'features.csv' passed to analysis scripts.
  - Boundary markers: Absent; no instructions are provided to the agent to delimit or ignore instructions embedded within these files.
  - Capability inventory: The skill description explicitly lists integrations with high-privilege platforms including Jira, GitHub, and Slack. Attacker-controlled data influencing these systems represents a significant risk.
  - Sanitization: None present.
- [COMMAND_EXECUTION] (MEDIUM): The skill requires the execution of local Python scripts (e.g., scripts/rice_prioritizer.py). While no remote downloads are observed, the absence of the script source code means the actual behavior (such as file system access or hidden network calls) cannot be audited.
- [NO_CODE] (LOW): Referenced files are missing. The toolkit relies on a 'scripts/' directory and 'references/prd_templates.md' which are not included in the skill package.
Recommendations
- AI detected serious security threats
Audit Metadata