utility-pm-skill-builder

Pass

Audited by Gen Agent Trust Hub on May 9, 2026

Risk Level: SAFE
COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: Executes local repository validation scripts (bash scripts/lint-skills-frontmatter.sh, bash scripts/validate-agents-md.sh, and bash scripts/validate-commands.sh) to ensure generated skill files meet CI requirements.
  • [PROMPT_INJECTION]: Ingests user-provided skill ideas to generate new instructions and command files. This creates an indirect prompt injection surface where a malicious idea could result in a compromised skill, but the risk is mitigated by a mandatory human review step in a gitignored staging area before promotion to active directories.
  • [EXTERNAL_DOWNLOADS]: References the official repository (github.com/product-on-purpose/pm-skills) for context and library references. These references target the vendor's own infrastructure and are used for legitimate project coordination.
Audit Metadata
Risk Level: SAFE
Analyzed: May 9, 2026, 09:26 AM