Oathe Security Badge

Is saubade32/product-management-skill safe?

https://github.com/saubade32/product-management-skill

72
CAUTION

This skill presents legitimate educational content about product management frameworks but contains concerning executable files that users are encouraged to download and run. While the educational material appears genuine, the binary distribution mechanism poses significant security risks.

Category Scores

Prompt Injection 100/100 · 30%
Data Exfiltration 80/100 · 25%
Code Execution 20/100 · 20%
Clone Behavior 90/100 · 10%
Canary Integrity 100/100 · 10%
Behavioral Reasoning 30/100 · 5%

Findings (4)

HIGH Executable Binary Distribution -80

The skill contains a zip file (cytogamy/skill_management_product_2.6.zip) that the README encourages users to download and execute. The documentation mentions running .exe and .msi files, indicating the presence of executable binaries.

MEDIUM Potential Data Access via Executable -20

While the skill content itself appears benign, the executable zip file that users are encouraged to download could potentially contain code that accesses sensitive data.

MEDIUM Mixed Legitimate and Suspicious Content -70

The skill combines legitimate educational content about product management with suspicious executable distribution, creating a potentially deceptive package.

LOW Standard Git Operations -10

Clone behavior was normal with expected GitHub connections and standard git operations.