SafeAI-Global PRD Agent

Pass

Audited by Gen Agent Trust Hub on Mar 14, 2026

Risk Level: SAFE
Tags: PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The skill implements a /inject-policy command that allows users to add custom instructions to the agent's knowledge base. These instructions are assigned 'highest priority', potentially overriding global safety or regulatory standards if malicious content is injected (SKILL.md).
  • [COMMAND_EXECUTION]: The skill includes local Node.js utility scripts (cli/safeai-lint.js and cli/safeai-knowledge-build.js) and explicitly instructs users to have the agent execute these scripts to validate documentation, which constitutes a command execution capability (USER_GUIDE.md).
  • [PROMPT_INJECTION]: The core functionality of the skill involves processing and reviewing user-provided PRD drafts and design documents, which creates a surface for indirect prompt injection (USER_GUIDE.md).
  • Ingestion points: User-provided PRD text/files and custom rules via the /inject-policy command.
  • Boundary markers: The instructions do not define explicit delimiters or use 'ignore-previous' warnings when ingesting user content.
  • Capability inventory: The agent is authorized to perform file writing (to the knowledge/custom/ directory) and execute its internal CLI tools.
  • Sanitization: There is no documented mechanism for sanitizing or validating the content of user-injected policies or PRD drafts.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 14, 2026, 03:30 PM