product-creator

Pass

Audited by Gen Agent Trust Hub on Mar 24, 2026

Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses the Bash tool to execute various system and development commands. This includes project scaffolding with npm, repository management with the gh CLI, and workflow orchestration through the ak (agent-kanban) tool.
  • [EXTERNAL_DOWNLOADS]: Fetches external software packages from the npm registry and clones source code from GitHub during the project initialization and development phases.
  • [PROMPT_INJECTION]: The skill ingests and processes untrusted data, which could be used to influence the agent's behavior through indirect prompt injection.
      • Ingestion points: User-provided product descriptions/ideas and external code content retrieved via gh pr diff.
      • Boundary markers: The instructions do not define clear delimiters or headers to separate untrusted data from the agent's internal orchestration logic.
      • Capability inventory: The skill has broad execution capabilities through the Bash tool, allowing for file system modification, network operations, and package installation.
      • Sanitization: No specific sanitization, validation, or escaping of ingested user input or PR diffs is mentioned before being used to generate task specifications or perform code reviews.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 24, 2026, 01:36 AM