product-decision-agent
Pass
Audited by Gen Agent Trust Hub on Jul 10, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill is a comprehensive toolkit for product managers, containing detailed instructions and reference materials. No malicious behaviors such as data exfiltration, credential harvesting, or harmful prompt injections were identified.
- [COMMAND_EXECUTION]: The skill includes instructions to run a local Python script
scripts/quality_gate.py. This script is used to validate that the AI's outputs adhere to quality standards (e.g., ensuring they are in Chinese, actionable, and do not reference source methodology). The script is benign, uses standard libraries, and operates solely on text files via regex patterns. - [DYNAMIC_EXECUTION]: The provided test script
scripts/test_quality_gate.pyutilizesimportlib.utilto dynamically load and test the quality gate script. This is a standard practice for unit testing in Python and does not pose a security risk in this context as it targets a specific local file provided within the skill package. - [PROMPT_INJECTION]: The skill contains internal instructions for the agent to maintain its persona (e.g., 'Do not expose background methods', 'Do not mention original texts'). These are constraints designed for professional consistency rather than attempts to bypass platform safety filters or exfiltrate system prompts.
Audit Metadata