pm-collect
Pass
Audited by Gen Agent Trust Hub on Jul 2, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill utilizes several shell commands, including
find,grep,ls,git, andhead, to perform a deep scan of the local project directory. These commands are primarily used to extract technical metadata, README files, documentation, and source code annotations (e.g., TODO/FIXME) to provide context for the product management workflow. - [EXTERNAL_DOWNLOADS]: The skill is designed to automatically fetch and parse content from URLs provided in the user input (
$ARGUMENTS). This behavior constitutes a network operation targeting potentially untrusted external domains. - [PROMPT_INJECTION]: The skill exhibits vulnerability factors for indirect prompt injection:
- Ingestion points: External data is ingested from arbitrary URLs extracted from user input in the
$ARGUMENTSfield (SKILL.md, Section 3). - Boundary markers: No specific boundary markers or delimiters are defined in the instructions to isolate untrusted external content from the agent's core logic or subsequent tasks.
- Capability inventory: The skill allows the agent to execute shell-based environment scanning tools and write findings to the local filesystem (e.g.,
docs/pm-context/collect/). - Sanitization: The instructions do not include any steps for sanitizing, validating, or filtering the fetched external content before it is processed or stored.
Audit Metadata