money-product
Pass
Audited by Gen Agent Trust Hub on May 16, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill instructions do not contain any malicious patterns such as credential harvesting, obfuscation, or unauthorized remote code execution. It functions as an automated software engineering assistant.
- [PROMPT_INJECTION]: The skill represents an indirect prompt injection surface because it generates code and performs deployments based on external strategy documents or user input.
- Ingestion points: Inputs include strategy documents from '/money-strategy' and user-provided product specifications.
- Boundary markers: The instructions lack explicit delimiters or instructions to ignore embedded commands in the input data.
- Capability inventory: The agent can generate code, set up database schemas, configure environment variables, and execute production deployments via CLI.
- Sanitization: There are no documented sanitization steps for the ingested data before it is used for code generation.
- [COMMAND_EXECUTION]: The skill orchestrates various shell commands for project initialization, git operations, and platform-specific deployments (Vercel, Railway). These are core to its function as a full-stack product engineer and are performed within the scope of the user's project setup.
Audit Metadata