product-manager
Pass
Audited by Gen Agent Trust Hub on Mar 18, 2026
Risk Level: SAFE
PROMPT_INJECTION, NO_CODE
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it is designed to ingest and process untrusted customer feedback.
- Ingestion points: The agent reads 'feedback beads' (SKILL.md, Customer Feedback Triage section).
- Boundary markers: There are no instructions to use delimiters or ignore instructions within the feedback content.
- Capability inventory: The agent has access to other skills, can read source code, prototype UI, and write documentation.
- Sanitization: No validation or sanitization process for feedback content is specified.
- [NO_CODE]: The skill consists exclusively of Markdown documentation and persona instructions. It does not include any Python or Node.js scripts, binary executables, or automated system configuration files.
Audit Metadata