Skills
skills/jinjin1/cursor-for-product-managers/analyze-metrics/Gen Agent Trust Hub

analyze-metrics

Pass

Audited by Gen Agent Trust Hub on Jun 16, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: The skill defines a standard business workflow for data analysis. It relies on provided internal data sources and outputs structured markdown evidence, presenting no direct security risks.
  • [PROMPT_INJECTION]: The skill contains an indirect prompt injection surface as it ingests untrusted data from raw analytics exports.
  • Ingestion points: Raw analytics files, event data, and dashboard exports (Step 2).
  • Boundary markers: Absent. The prompt template does not use specific delimiters to isolate external data from instructions.
  • Capability inventory: File writing (markdown) and code generation (.canvas.tsx).
  • Sanitization: None specified.
  • Assessment: Risk is minimal as the primary output is documentation; however, the generation of TSX files could theoretically be used to inject malicious scripts into a visualization environment if the source data is adversarial.
  • [COMMAND_EXECUTION]: The skill describes the generation of .canvas.tsx files for the Cursor Canvas feature. These are React/TypeScript files. While the skill does not execute them automatically, users should treat these generated files as executable code and verify their content if the source data is not trusted.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 16, 2026, 04:19 PM
Security Audit — agent-trust-hub — analyze-metrics