product-domain-engine

Pass

Audited by Gen Agent Trust Hub on Jun 16, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: The skill serves as an orchestration layer for standard development tasks and provides documentation on product strategy. It does not utilize any remote services or perform suspicious operations.
  • [INDIRECT_PROMPT_INJECTION]: The skill includes an auditing workflow that processes local repository data via scripts/domain-audit.sh. This process is restricted to generating quantitative metrics (e.g., file counts, test coverage) and does not involve interpreting untrusted content as instructions, posing no significant injection risk.
  • [COMMAND_EXECUTION]: The provided bash script scripts/domain-audit.sh is used to audit local file structures for mode signals. It uses standard, non-destructive utilities such as find, grep, and wc to count files and calculate scores. The script operates entirely offline and does not modify the target repository or access sensitive system paths.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 16, 2026, 12:03 PM
Security Audit — agent-trust-hub — product-domain-engine