prd-to-ux
Fail
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: CRITICAL
Full Analysis
- [SAFE] (SAFE): No malicious patterns detected.
- The skill uses strong instructional language ('The Iron Law', 'Not negotiable') to enforce a specific logical workflow for UX design. This is standard behavioral steering and does not target safety filters or attempt to override core agent instructions.
- All file operations are localized. The skill reads from and writes to the current directory based on user-provided PRD files. No network activity or hardcoded credentials were identified.
- The automated scanner finding for 'requirements.md' is disregarded as a false positive. In this context, it is a placeholder string used for documentation and file naming logic, with no associated remote download or execution pattern.
- [Indirect Prompt Injection] (SAFE): The skill possesses a surface for indirect prompt injection, but the risk is assessed as SAFE given the limited capabilities.
- Ingestion points: Reads from PRD files provided by the user (e.g., 'PRD.md', 'requirements.md') via the filesystem.
- Boundary markers: Absent; the skill does not wrap input data in protective delimiters or warnings.
- Capability inventory: Limited to writing markdown text files to the local file system. No code execution, process spawning, or network exfiltration capabilities are present.
- Sanitization: None detected; the skill treats PRD content as raw text for analysis.
- Assessment: Because the agent's only capability is generating a text-based specification, an embedded instruction in a PRD file cannot cause significant harm to the system or exfiltrate data.
Recommendations
- Contains 1 malicious URL(s) - DO NOT USE
Audit Metadata