product-thinking

Warn

Audited by Gen Agent Trust Hub on Jun 13, 2026

Risk Level: MEDIUMREMOTE_CODE_EXECUTIONEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill uses bunx @rayhanadev/truffler to perform codebase searches. This command downloads the package from the public npm registry if it is not already present locally.
  • [REMOTE_CODE_EXECUTION]: The use of bunx to run third-party packages at runtime constitutes a remote code execution pattern, as it executes code fetched from a remote repository.
  • [COMMAND_EXECUTION]: The skill executes several shell commands to analyze the project and run checks:
  • rg (ripgrep) for searching flags and options in the source code.
  • nr (npm/bun run) for executing project scripts like typecheck, test, lint, and smoke:json-report.
  • nr changeset for versioning management.
  • [DATA_EXFILTRATION]: The skill instructs the agent to wire telemetry metrics using Sentry. While the instructions emphasize anonymization via scrubSentryEvent and scrubSentryMetric, the skill facilitates the transmission of usage data to an external service (Sentry).
  • [PROMPT_INJECTION]: Indirect Prompt Injection Surface:
  • Ingestion points: User-provided inputs describing the "Job" and "Change" in the Product Brief (SKILL.md).
  • Boundary markers: Absent. The skill uses standard Markdown headers but lacks explicit delimiters or instructions to ignore embedded commands within user-supplied descriptions.
  • Capability inventory: Subprocess execution (bunx, rg, nr) and network telemetry transmission.
  • Sanitization: Absent. User descriptions are directly interpolated into the technical brief and subsequent PR content without escaping or validation.
Audit Metadata
Risk Level
MEDIUM
Analyzed
Jun 13, 2026, 05:29 AM
Security Audit — agent-trust-hub — product-thinking