prd-status
Pass
Audited by Gen Agent Trust Hub on Mar 10, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The error handling documentation suggests the agent recommend using 'sudo' if write permissions are insufficient, which encourages privilege escalation.
- [PROMPT_INJECTION]: The skill ingests and processes untrusted data from PRD files without adequate isolation, creating a surface for indirect prompt injection.
- Ingestion points: PRD markdown files provided as input (SKILL.md).
- Boundary markers: No delimiters or 'ignore embedded instructions' warnings are implemented for the processed PRD content.
- Capability inventory: File move operations (using 'mv' or 'git mv') and file write operations for metadata/history updates (SKILL.md).
- Sanitization: There is no evidence of sanitization or filtering applied to the content read from the PRD files before processing.
Audit Metadata