launch-window-planner
Pass
Audited by Gen Agent Trust Hub on Jul 6, 2026
Risk Level: SAFE
Full Analysis
- [PROMPT_INJECTION]: The skill operates on untrusted data from external sources such as ProductHunt, Hacker News, and GDELT, making it a surface for indirect prompt injection.\n
- Ingestion points: Industry news pulse and competitor launch history fetched via scripts and user-provided calendars (SKILL.md).\n
- Boundary markers: Explicit instructions are present in the 'Instructions' section to treat all external data as untrusted and to never follow instructions embedded within it.\n
- Capability inventory: The skill has read/write access to internal memory paths and executes specific local Python scripts to retrieve data.\n
- Sanitization: Security relies on the agent adhering to explicit 'Scope guard' and untrusted data handling instructions.\n- [COMMAND_EXECUTION]: The skill uses local Python scripts to interact with external APIs.\n
- Evidence: Calls to
scripts/connectors/producthunt.py,scripts/connectors/hn.py, andscripts/connectors/gdelt.py.\n - Context: These are authorized vendor-provided connectors for legitimate market research purposes.
Audit Metadata