prd
Pass
Audited by Gen Agent Trust Hub on Mar 9, 2026
Risk Level: SAFE
COMMAND_EXECUTION, PROMPT_INJECTION, EXTERNAL_DOWNLOADS
Full Analysis
- [COMMAND_EXECUTION]: The skill uses package manager commands such as `npm outdated`, `pnpm audit`, and `npm view` to perform dependency health checks and security audits. These are localized commands intended for project maintenance.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it ingests data from the project's codebase and PRD files to generate task plans and verification commands.
  - Ingestion points: Content is read from the `roadmap`, `changelog`, and the project's requirements document (`.claude/reference/PRD.md`).
  - Boundary markers: The skill does not employ delimiters or specific instructions to ignore embedded commands within the ingested text.
  - Capability inventory: The skill possesses file-writing capabilities and can execute shell commands via package manager tools.
  - Sanitization: Verification commands are generated using strings extracted directly from the PRD's test file mapping (e.g., `npx vitest run <test>`) without validation or escaping, which could lead to command injection if the PRD content is malicious.
- [EXTERNAL_DOWNLOADS]: The skill interacts with the public npm registry to perform dependency audits and version checks. These network operations target well-known, trusted services and are consistent with the skill's stated purpose.
Audit Metadata