Skills
skills/alirezarezvani/claude-skills/cpo-review/Gen Agent Trust Hub

cpo-review

Pass

Audited by Gen Agent Trust Hub on May 13, 2026

Risk Level: SAFECOMMAND_EXECUTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill invokes local Python scripts located at relative paths outside its own directory. These scripts appear to be internal tools for product management analysis.
  • Evidence: python ../../../../product-team/product-manager-toolkit/scripts/rice_prioritizer.py in SKILL.md.
  • Evidence: python ../../../skills/cpo-advisor/scripts/pmf_scorer.py and portfolio_analyzer.py in SKILL.md.
  • [SAFE]: The skill possesses a surface for indirect prompt injection as it processes a user-supplied product plan (<plan>). However, no malicious intent was found in the instructions.
  • Ingestion points: User input via the <plan> argument.
  • Boundary markers: Absent.
  • Capability inventory: Execution of local Python scripts.
  • Sanitization: Not explicitly defined.
Audit Metadata
Risk Level
SAFE
Analyzed
May 13, 2026, 10:30 AM