prd
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- COMMAND_EXECUTION (SAFE): The skill executes
git log --oneline -10andcat CLAUDE.mdto gather project conventions. These are read-only operations on the local filesystem and do not pose a significant risk. - COMMAND_EXECUTION (LOW): The skill executes a custom command
ralph project-dirto determine the output path. This assumes the existence and safety of theralphCLI tool in the execution environment. - PROMPT_INJECTION (LOW): Indirect Prompt Injection Surface detected in Step 0A. The skill is explicitly told to treat user-provided instructions as 'non-negotiable requirements' and incorporate them into the output without validation.
- Ingestion points: User prompt (processed within
SKILL.md). - Boundary markers: Absent. There are no instructions to delimit user input or ignore embedded malicious directives.
- Capability inventory: The skill has the capability to read local files (
cat), read git history (git log), and write files to a path determined by a shell command. - Sanitization: Absent. The skill does not filter or escape content extracted from the user prompt before placing it in the PRD.
Audit Metadata