product-inspiration

Pass

Audited by Gen Agent Trust Hub on Apr 29, 2026

Risk Level: SAFE
PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface. It is designed to fetch untrusted data from external sources via WebSearch, WebFetch, and mcp__tavily__tavily_search (Phase 2) and use this information to generate and implement executable code (Phase 5).
    • Ingestion points: External data enters the agent context through search results and web fetches during the research phase (SKILL.md, Phase 2).
    • Boundary markers: The instructions do not define boundary markers or delimiters to separate untrusted web content from the agent's instructions during the code generation process.
    • Capability inventory: The skill uses Write, Bash, and Skill (Electron) tools to create, execute, and move code (SKILL.md, Phases 5 and 8).
    • Sanitization: There is no mention of sanitizing or validating the content retrieved from the web before it is interpolated into code generation prompts.
  • [COMMAND_EXECUTION]: The skill utilizes the Bash tool to perform file system operations, specifically copying and moving generated code components from the trial directory (_trials/) to the production source directory (src/) (SKILL.md, Phase 8.1 and 8.2).
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 29, 2026, 03:13 AM