product
Pass
Audited by Gen Agent Trust Hub on May 23, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill uses local shell commands like ls to discover project structure and the GitHub CLI to fetch public metadata. These actions are transparent and aligned with the skill's purpose.
- [EXTERNAL_DOWNLOADS]: Fetches public repository statistics from GitHub. This targets a well-known service and involves only non-sensitive, public metadata.
- [PROMPT_INJECTION]: The skill analyzes local project files to provide suggestions during the interview process, representing a surface for indirect prompt injection.
  1. Ingestion points: README.md, package.json, pyproject.toml, go.mod, Cargo.toml, PRODUCT.md, GOALS.md, and files in the .agents/ directory.
  2. Boundary markers: Absent.
  3. Capability inventory: Shell execution and file system write access.
  4. Sanitization: Content is used for suggestions and reviewed by the user.