prd
Pass
Audited by Gen Agent Trust Hub on Feb 25, 2026
Risk Level: SAFE
Flagged categories: COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill generates JSON files containing shell commands for "quality gates" (e.g., npm run test, npm run lint) and project setup steps. These commands are intended to be executed deterministically by a downstream agent.
- [EXTERNAL_DOWNLOADS]: The skill's instructions mandate the inclusion of package installation commands (e.g., npm install <pkg>) within the generated PRD's acceptance criteria for any new dependencies defined by the user.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it ingests untrusted user input to generate executable instructions for other agents.
  - Ingestion points: Feature descriptions provided by the user in Step 1 and answers to clarifying questions.
  - Boundary markers: No specific delimiters or safety instructions are used to separate user-provided content from the agent's logic during PRD generation.
  - Capability inventory: The skill has the capability to write JSON files to the filesystem containing arbitrary command strings intended for execution.
  - Sanitization: No explicit validation or sanitization of user-provided feature goals or stack choices is performed before inclusion in the command strings.
  - Remediation: To mitigate this risk, user-provided content should be wrapped in clear delimiters with instructions for the agent to ignore any embedded directives, and generated commands should be validated against a strict allowlist.
Audit Metadata