prd
Pass
Audited by Gen Agent Trust Hub on Feb 21, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [Indirect Prompt Injection] (LOW): The skill accepts unvalidated user input to populate the content of a PRD file. This allows a user to inject instructions that could mislead an agent or be executed by downstream processes. * Ingestion points: User-provided feature descriptions and answers during the clarifying question phase. * Boundary markers: Absent; the skill lacks delimiters or instructions to prevent the agent from following embedded user commands within the 'feature description'. * Capability inventory: File system write access (saving to tasks/ directory) and generation of instructions for the 'dev-browser skill'. * Sanitization: The feature-name is used directly in the filename without validation, creating a surface for path traversal attacks if the agent does not enforce strict directory boundaries.
Audit Metadata