product-review

Pass

Audited by Gen Agent Trust Hub on Mar 30, 2026

Risk Level: SAFE
COMMAND_EXECUTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses a bash script (Phase 0) to collect project metadata including directory structures, README content, configuration files (e.g., package.json, pyproject.toml), and git logs. These operations are essential for the skill's primary function of analyzing a codebase.
  • [EXTERNAL_DOWNLOADS]: The pipeline utilizes the gh CLI to fetch repository statistics (stars, forks, issues) from GitHub's official API. This is a legitimate use of a well-known service to enhance product analysis.
  • [PROMPT_INJECTION]: The skill processes untrusted data from the analyzed codebase (such as README files). It employs a structured multi-agent workflow and uses markdown delimiters in the snapshot file, which serves as a mitigation against indirect prompt injection by providing clear context boundaries for the analysis agents.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 30, 2026, 01:11 AM