product-domain-engine
Pass
Audited by Gen Agent Trust Hub on Jun 16, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill serves as an orchestration layer for standard development tasks and provides documentation on product strategy. It does not utilize any remote services or perform suspicious operations.
- [INDIRECT_PROMPT_INJECTION]: The skill includes an auditing workflow that processes local repository data via
scripts/domain-audit.sh. This process is restricted to generating quantitative metrics (e.g., file counts, test coverage) and does not involve interpreting untrusted content as instructions, posing no significant injection risk. - [COMMAND_EXECUTION]: The provided bash script
scripts/domain-audit.shis used to audit local file structures for mode signals. It uses standard, non-destructive utilities such asfind,grep, andwcto count files and calculate scores. The script operates entirely offline and does not modify the target repository or access sensitive system paths.
Audit Metadata