z-product
Pass
Audited by Gen Agent Trust Hub on Apr 22, 2026
Risk Level: SAFE PROMPT_INJECTION COMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface by processing external data from pull request comments.
  - Ingestion points: The `prd/edit-prd.md` file instructs the agent to read and analyze pull request review comments and inline comments.
  - Boundary markers: No delimiters or safety instructions are provided to separate the external comments from the core prompt logic.
  - Capability inventory: The agent can perform file system writes and git operations (`git push`, `git worktree`) which could be influenced by instructions embedded within malicious comments.
  - Sanitization: There is no mention of sanitizing or validating the input from the pull request comments before the agent processes them.
- [COMMAND_EXECUTION]: The skill uses specific git commands to manage the product documentation repository.
  - Evidence: In `prd/create-prd.md`, `prd/edit-prd.md`, and `prd/reviewed-prd.md`, the agent is instructed to use `git fetch`, `git worktree`, and `git push` to handle branch management and file operations. These are legitimate tools for the skill's purpose but represent a control surface over the local environment and remote repository.
Audit Metadata