jpralph-prd
Pass
Audited by Gen Agent Trust Hub on Feb 20, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- Indirect Prompt Injection (LOW): The skill possesses an attack surface for indirect prompt injection as it ingests untrusted user data to generate executable task definitions.
- Ingestion points: User feature descriptions provided at runtime are used to populate the PRD sections (SKILL.md).
- Boundary markers: Absent. The instructions do not specify the use of delimiters or 'ignore' instructions for the interpolated user content.
- Capability inventory: The skill has file-write capabilities, specifically saving generated content to the tasks/ directory.
- Sanitization: The skill instructions recommend 'kebab-case' for filenames, which provides some protection against simple path traversal, but there is no explicit sanitization for the content of the requirements.
- Multi-step Risk: The skill is explicitly designed to create instructions for an autonomous agent ('Ralph'). Malicious content in the generated PRD could influence the downstream behavior of the agent when it attempts to implement the 'User Stories' defined in the file.
Audit Metadata