Skills
skills/varnan-tech/opendirectory/producthunt-launch-kit/Gen Agent Trust Hub

producthunt-launch-kit

Pass

Audited by Gen Agent Trust Hub on May 15, 2026

Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes shell commands like ls to check for project metadata in README.md and package.json. It also uses curl to send data to the Gemini API and python3 -c to parse the resulting JSON response.\n- [EXTERNAL_DOWNLOADS]: The skill interacts with the official Google Gemini API at generativelanguage.googleapis.com. This is a well-known service and the primary tool used for content generation.\n- [PROMPT_INJECTION]: The skill reads local project documentation and interpolates it into a prompt, creating an indirect prompt injection surface.\n
  • Ingestion points: SKILL.md (Step 1) reads local README.md and package.json files.\n
  • Boundary markers: The skill uses a structured JSON payload and a system_instruction to constrain the AI model's generation behavior.\n
  • Capability inventory: Includes file system checks (ls) and network communication (curl).\n
  • Sanitization: Relies on the Gemini API's safety layers and the skill's specific system instructions to the model.
Audit Metadata
Risk Level
SAFE
Analyzed
May 15, 2026, 05:53 PM
Security Audit — agent-trust-hub — producthunt-launch-kit