product-discovery
Warn
Audited by Gen Agent Trust Hub on Mar 27, 2026
Risk Level: MEDIUM (COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
- [COMMAND_EXECUTION]: The skill makes extensive use of `go run` to execute scripts located in the local repository's `../../scripts/cmd/` directory.
- [COMMAND_EXECUTION]: Potential for command injection exists in multiple phases where user-provided input is passed to shell commands as arguments.
  - Evidence: In Phase 2 (SKILL.md), the variable `$ANSWER` is passed to `go run ... --details="answer=$ANSWER"`.
  - Evidence: In Phase 5 (SKILL.md), discovery learnings are passed to `go run ... --body="<key learnings from discovery>"`.
  - Evidence: The `$SLUG` variable is used as an argument across almost all script execution calls throughout the discovery process.
- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface by ingesting and processing untrusted data from external researcher sub-agents and user responses without sufficient sanitization.
  - Ingestion points: Market research findings (Phase 1) and user answers (Phase 2).
  - Boundary markers: No delimiters or boundary markers are instructed to distinguish system commands from data when variables are interpolated into shell commands or templates.
  - Capability inventory: Shell command execution via `go run`, file system write access for saving value propositions, and Git repository management (commit/add).
  - Sanitization: There is no instruction to sanitize, escape, or validate the content of user-provided data before it is used in executable command strings or written to the filesystem.
Audit Metadata