product-planner

Pass

Audited by Gen Agent Trust Hub on Jun 29, 2026

Risk Level: SAFE
Full Analysis
  • [COMMAND_EXECUTION]: The skill does not execute system commands. It generates a markdown roadmap with task descriptions for coding agents to follow, but does not initiate any subprocesses itself.
  • [PROMPT_INJECTION]: The skill processes data from docs/product-idea.md and user input. This data is used to generate documentation templates. There is a surface for indirect prompt injection as untrusted data is interpolated into generated prompts and files, though the impact is confined to the generated markdown content.
  • [DATA_EXFILTRATION]: The skill requests permission to write to a docs/ directory to store its generated vision, PRD, and roadmap files. No access to sensitive environment variables, SSH keys, or cloud credentials was observed.
  • [EXTERNAL_DOWNLOADS]: Includes URLs to the vendor's GitHub repository and reputable development services like CodeRabbit for documentation and tool recommendations. No remote scripts are downloaded or executed automatically.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 29, 2026, 07:35 PM