list-prds
Pass
Audited by Gen Agent Trust Hub on Mar 10, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it reads and processes data from external files. An attacker could embed instructions in the YAML metadata or task lists of the markdown files to attempt to influence the agent's behavior.
- Ingestion points: YAML metadata headers and task list files in the product-docs/ directory.
- Boundary markers: Absent; no instructions are provided to the agent to distinguish between data and commands in the processed files.
- Capability inventory: Reading local files and creating the product-docs/ directory.
- Sanitization: Absent; the skill does not specify any validation or sanitization for the extracted information.
Audit Metadata