prd-progress
Pass
Audited by Gen Agent Trust Hub on Mar 10, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill presents an indirect prompt injection surface by processing external PRD and task markdown files. 1. Ingestion points: The agent reads the user-specified and fallback task file locations defined in the execution instructions. 2. Boundary markers: There are no instructions to use delimiters or specify that the agent should ignore instructions within the parsed files. 3. Capability inventory: The agent is instructed to read local filesystem data and execute git commands. 4. Sanitization: No content validation or escaping is performed on the ingested markdown before processing.
- [COMMAND_EXECUTION]: The skill instructions involve running shell commands to retrieve repository history. Evidence: Instruction 5 in the Implementation Tips section directs the agent to 'Extract completion dates from git history if available'.
Audit Metadata