team-product-discovery

Pass

Audited by Gen Agent Trust Hub on Mar 29, 2026

Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill presents an indirect prompt injection surface through the ingestion and interpolation of untrusted user input into subordinate agent tasks.
    • Ingestion points: User-provided descriptions for the product opportunity, target market, and resource constraints defined in SKILL.md.
    • Boundary markers: User-supplied data is interpolated directly into the instructions for the sub-agents (via the /fleet command) without the use of delimiters or explicit warnings to ignore embedded instructions.
    • Capability inventory: The skill performs multiple file write operations to the local 'docs/discovery/' directory and orchestrates the execution of eight separate AI agent skills.
    • Sanitization: No validation, escaping, or sanitization is performed on the user-provided context variables before they are used to drive the agent team's logic.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Mar 29, 2026, 02:52 PM