product-planner
Pass
Audited by Gen Agent Trust Hub on Jun 29, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill does not execute system commands. It generates a markdown roadmap with task descriptions for coding agents to follow, but does not initiate any subprocesses itself.
- [PROMPT_INJECTION]: The skill processes data from
docs/product-idea.mdand user input. This data is used to generate documentation templates. There is a surface for indirect prompt injection as untrusted data is interpolated into generated prompts and files, though the impact is confined to the generated markdown content. - [DATA_EXFILTRATION]: The skill requests permission to write to a
docs/directory to store its generated vision, PRD, and roadmap files. No access to sensitive environment variables, SSH keys, or cloud credentials was observed. - [EXTERNAL_DOWNLOADS]: Includes URLs to the vendor's GitHub repository and reputable development services like CodeRabbit for documentation and tool recommendations. No remote scripts are downloaded or executed automatically.
Audit Metadata