product-owner

Pass

Audited by Gen Agent Trust Hub on May 17, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: The skill implements standard project management workflows such as RICE and MoSCoW prioritization. It provides structured templates for product backlog items and idea artifacts without performing any high-risk operations.
  • [COMMAND_EXECUTION]: The skill instructs the agent to use the Glob tool for discovering project-specific business feature documentation (e.g., docs/business-features/*/README.md). This search is limited to the local documentation directory and is used for module detection.
  • [DATA_EXFILTRATION]: Analysis confirmed no network calls, external URLs, or access to sensitive system files (such as SSH keys or environment secrets). The skill's file access is restricted to the workspace's documentation and team-artifact directories.
  • [INDIRECT_PROMPT_INJECTION]: The skill's primary function involves reading and processing external project documentation and backlog items which may contain untrusted data.
  • Ingestion points: Reads files from docs/business-features/, docs/project-reference/, and team-artifacts/pbis/ (identified in SKILL.md).
  • Boundary markers: Not present; instructions do not specify delimiters to separate external file content from system instructions.
  • Capability inventory: Uses Glob for filesystem discovery, file-read operations, TaskCreate for workflow management, and AskUserQuestion for user interaction (identified in SKILL.md).
  • Sanitization: There are no explicit instructions to sanitize or validate the content of the ingested project files.
Audit Metadata
Risk Level
SAFE
Analyzed
May 17, 2026, 08:35 PM
Security Audit — agent-trust-hub — product-owner