prd-task
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE / PROMPT_INJECTION
Full Analysis
- [Indirect Prompt Injection] (LOW): The skill ingests untrusted Markdown data from PRD files and transforms it into JSON tasks that guide an autonomous agent. A malicious PRD could contain harmful commands or instructions within the verification steps, which a downstream agent might execute. Evidence:
  1. Ingestion points: prd-.md
  2. Boundary markers: None present to isolate data from instructions
  3. Capability inventory: File system movement and writing within the project workspace, and preparation of tasks for agent execution
  4. Sanitization: No explicit validation or escaping of PRD content
- [Data Exposure & Exfiltration] (SAFE): The skill restricts its file operations to the local .opencode/state/ directory. No access to sensitive system paths and no network exfiltration patterns were identified.