prd-to-prototype
Pass
Audited by Gen Agent Trust Hub on Mar 17, 2026
Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill uses standard system utilities to perform file search and hosting operations. In `commands/generate.md`, it employs the `find` command to discover PRD files within the local project directory. In `commands/preview.md`, it provides instructions to initiate a local HTTP server using the `python3 -m http.server` command.
- [EXTERNAL_DOWNLOADS]: The skill references the use of `npx serve` in `commands/preview.md` to provide a preview environment, which involves fetching and executing the `serve` package from the well-known npm registry at runtime.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it ingests untrusted text from project files and passes it to an external AI skill for code generation.
  - Ingestion points: The skill reads content from `*_main_prd.md` and `*_module_prd.md` files located in the project workspace, as specified in `commands/generate.md`.
  - Boundary markers: There are no explicit delimiters or instructions to ignore embedded commands within the prompt logic defined in `templates/prototype_prompt_template.md`.
  - Capability inventory: Capabilities include system command execution via shell (`find`), interaction with the `frontend-design` skill for file generation, and launching local network services.
  - Sanitization: No sanitization, validation, or escaping of the parsed PRD content is performed before it is interpolated into the prototype generation prompt.