product-strategy-to-ops
Pass
Audited by Gen Agent Trust Hub on May 20, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill instructs the agent to execute shell commands using the
bdandbvCLI tools to create issues, establish dependencies, and generate execution plans. Document content (e.g., hypothesis text, risk descriptions) is used directly as arguments for these commands (SKILL.md). - [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface because it processes untrusted inputs from strategy artifacts.
- Ingestion points: Strategy documents such as Opportunity Briefs, Launch Playbooks, and Growth Models parsed in Step 1 (SKILL.md).
- Boundary markers: Absent; the instructions do not specify delimiters or instructions to ignore embedded commands within the artifacts.
- Capability inventory: The skill creates and modifies project issues via
bd, runs diagnostic tools viabv, and appends tracking links to local documentation files (SKILL.md). - Sanitization: Absent; extracted text from artifacts is interpolated directly into shell command templates in Step 3 and the 'Conversion Templates' section, which could be exploited if an artifact contains shell metacharacters (SKILL.md).
Audit Metadata