foundation-build-risk-review
Pass
Audited by Gen Agent Trust Hub on Jun 24, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: No security findings were identified. The skill is composed of purely instructional content and static data for product risk modeling.
- [PROMPT_INJECTION]: The instructions do not contain attempts to bypass safety filters or ignore system-level constraints. The language used is descriptive and limited to the product management domain.
- [DATA_EXFILTRATION]: No patterns associated with data exfiltration, such as network calls or sensitive file path access, were detected. References to local files are restricted to documentation and templates within the skill package.
- [REMOTE_CODE_EXECUTION]: The skill does not download or execute external dependencies or remote scripts. There is no usage of package managers or remote code execution commands.
- [COMMAND_EXECUTION]: The skill implements a 'Hard gate' that explicitly instructs the agent to avoid writing code or recommending technology stacks, which effectively prevents the generation of executable shell commands.