launch-window-planner

Pass

Audited by Gen Agent Trust Hub on Jul 6, 2026

Risk Level: SAFE
Full Analysis
  • [PROMPT_INJECTION]: The skill operates on untrusted data from external sources such as ProductHunt, Hacker News, and GDELT, making it a surface for indirect prompt injection.\n
  • Ingestion points: Industry news pulse and competitor launch history fetched via scripts and user-provided calendars (SKILL.md).\n
  • Boundary markers: Explicit instructions are present in the 'Instructions' section to treat all external data as untrusted and to never follow instructions embedded within it.\n
  • Capability inventory: The skill has read/write access to internal memory paths and executes specific local Python scripts to retrieve data.\n
  • Sanitization: Security relies on the agent adhering to explicit 'Scope guard' and untrusted data handling instructions.\n- [COMMAND_EXECUTION]: The skill uses local Python scripts to interact with external APIs.\n
  • Evidence: Calls to scripts/connectors/producthunt.py, scripts/connectors/hn.py, and scripts/connectors/gdelt.py.\n
  • Context: These are authorized vendor-provided connectors for legitimate market research purposes.
Audit Metadata
Risk Level
SAFE
Analyzed
Jul 6, 2026, 09:34 AM
Security Audit — agent-trust-hub — launch-window-planner