prd-drafter
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH
Tags: PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
- [Indirect Prompt Injection] (HIGH): The skill processes untrusted input from the user to drive its core logic and output generation.
  - Ingestion points: The USER_PROMPT variable (SKILL.md) is the entry point for untrusted data.
  - Boundary markers: No delimiters or specific instructions to ignore embedded commands are present in the processing logic.
  - Capability inventory: The skill is capable of writing a PRD file to the filesystem and executing a shell command via run_shell_command (SKILL.md).
  - Sanitization: There is no evidence of sanitization or validation of the user input before it is used to influence agent behavior.
- [Command Execution] (MEDIUM): The skill automatically executes a shell command (node update-state.js) as part of its completion protocol. While the command targets an internal script, the execution is triggered after the agent has processed potentially malicious user input, creating a risk of state manipulation.
Recommendations
- AI detected serious security threats
Audit Metadata