jpralph-auto
Pass
Audited by Gen Agent Trust Hub on Feb 19, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION] (LOW): The skill is susceptible to Indirect Prompt Injection because it parses user stories from an external file (
prd.json) and is instructed to implement them completely without validation. - Ingestion points: The skill reads user stories and acceptance criteria from
prd.jsonat the project root. - Boundary markers: Absent. There are no delimiters or warnings to ignore embedded instructions within the user stories.
- Capability inventory: The skill can write files, execute Git commands (checkout, commit), and run shell-based quality checks (typecheck, lint, test).
- Sanitization: Absent. The agent is directed to treat the content of
prd.jsonas the authoritative source for code changes. - [COMMAND_EXECUTION] (LOW): The skill performs shell command execution to manage the development environment and validate code.
- Evidence: Explicit instructions to execute Git commands (
check it out or create from main,commit with message) and run project scripts (typecheck, lint, test). While standard for development tools, these capabilities can be abused if the input PRD is malicious.
Audit Metadata