oss-product-selection
Pass
Audited by Gen Agent Trust Hub on May 10, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill defines a legitimate research workflow for product selection without malicious intent.
- [EXTERNAL_DOWNLOADS]: The skill queries public platforms (GitHub, npm, Reddit, Hacker News) for market analysis, targeting well-known services.
- [COMMAND_EXECUTION]: The skill creates local markdown files to document phases, which are safe file operations within its scope.
- [PROMPT_INJECTION]: No prompt injection patterns or instruction bypasses were detected.
- [SAFE]: The skill contains an indirect prompt injection surface (Category 8) due to its research functions. Ingestion points: Data from Reddit, HN, GitHub, and npm processed via OP-NICHE, OP-PLATFORM, OP-PAIN, OP-HYPE, and OP-VALIDATE in references/operations.md. Boundary markers: The research operations use structured prompt templates to constrain output, though explicit instruction-ignore delimiters are absent. Capability inventory: The skill writes results to local markdown files (01-why-constraints.md through 07-spec.md). Sanitization: No explicit sanitization or filtering of external content is defined.
Audit Metadata