prd
Fail
Audited by Gen Agent Trust Hub on Mar 3, 2026
Risk Level: HIGHEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTIONCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill documentation encourages users to install the tool by downloading a shell script from a remote GitHub repository at
https://raw.githubusercontent.com/codesoda/make-prd/main/install.sh. - [REMOTE_CODE_EXECUTION]: The README and the installation script facilitate a pattern where remote code is executed directly via a pipe to bash. This specific execution method is identified by automated security tools as a significant risk vector.
- [COMMAND_EXECUTION]: The
install.shscript executes several commands to configure the local environment, includinggit cloneto retrieve the source andln -sto install the skill into application-specific directories like~/.claude/skills. - [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection as it processes untrusted user descriptions to generate PRD content. Evidence: 1. Ingestion points: The skill accepts a feature description in
SKILL.md. 2. Boundary markers: None are present to distinguish user input from instructions. 3. Capability inventory: The skill can write files to thetasks/directory. 4. Sanitization: There is no validation or filtering of user-provided content before it is processed by the agent.
Recommendations
- HIGH: Downloads and executes remote code from: https://raw.githubusercontent.com/codesoda/make-prd/main/install.sh - DO NOT USE without thorough review
Audit Metadata