tdg-personal/product-lens
Use this skill to validate the "why" before building, run product diagnostics, and pressure-test product direction before the request becomes an implementation contract.
49
49%
Does it follow best practices?
Impact
Pending
No eval scenarios have been run
Advisory
Suggest reviewing before use
Security
1 medium severity finding. This skill can be installed but you should review these findings before use.
W011: Third-party content exposure detected (indirect prompt injection risk)
What this means
The skill exposes the agent to untrusted, user-generated content from public third-party sources, creating a risk of indirect prompt injection. This includes browsing arbitrary URLs, reading social media posts or forum comments, and analyzing content from unknown websites.
Why it was flagged
Third-party content exposure detected (high risk: 0.80). The skill's Mode 2 workflow in SKILL.md explicitly instructs the agent to "Read README, CLAUDE.md, package.json, recent commits" (repository files), which are user-generated/untrusted third‑party content that the agent must read and interpret to drive product decisions, creating a clear avenue for indirect prompt injection.
- Audited
- Security analysis