prp-generator
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- Indirect Prompt Injection (LOW): The skill processes untrusted data from user files and external web research to generate executable shell commands in the final output, creating a surface for indirect instructions to influence system actions.
- Ingestion points: User-provided feature request files and text (SKILL.md, Phase 1), and external data retrieved via WebSearch (SKILL.md, Phase 3; references/research_methodology.md).
- Boundary markers: Absent. The instructions do not provide delimiters or specific guidelines for the agent to treat data from the web or user-uploaded files as untrusted or separate from system instructions.
- Capability inventory: The skill generates a Product Requirement Plan (PRP) containing 'Validation Gates' which are triple-backticked executable shell commands (e.g.,
npm run test) intended for a downstream agent to execute. It also has the capability to write files to the localPRPs/directory. - Sanitization: Absent. While the documentation (references/research_methodology.md) suggests implementing sanitization in the resulting code (e.g., DOMPurify), the skill itself does not perform sanitization on the external research data before including it in the generated shell command blocks.
Audit Metadata