skills/wcof/pmskill/pm-collect/Gen Agent Trust Hub

pm-collect

Pass

Audited by Gen Agent Trust Hub on Jul 2, 2026

Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill utilizes several shell commands, including find, grep, ls, git, and head, to perform a deep scan of the local project directory. These commands are primarily used to extract technical metadata, README files, documentation, and source code annotations (e.g., TODO/FIXME) to provide context for the product management workflow.
  • [EXTERNAL_DOWNLOADS]: The skill is designed to automatically fetch and parse content from URLs provided in the user input ($ARGUMENTS). This behavior constitutes a network operation targeting potentially untrusted external domains.
  • [PROMPT_INJECTION]: The skill exhibits vulnerability factors for indirect prompt injection:
  • Ingestion points: External data is ingested from arbitrary URLs extracted from user input in the $ARGUMENTS field (SKILL.md, Section 3).
  • Boundary markers: No specific boundary markers or delimiters are defined in the instructions to isolate untrusted external content from the agent's core logic or subsequent tasks.
  • Capability inventory: The skill allows the agent to execute shell-based environment scanning tools and write findings to the local filesystem (e.g., docs/pm-context/collect/).
  • Sanitization: The instructions do not include any steps for sanitizing, validating, or filtering the fetched external content before it is processed or stored.
Audit Metadata
Risk Level
SAFE
Analyzed
Jul 2, 2026, 01:10 AM
Security Audit — agent-trust-hub — pm-collect