blueprint-derive-prd
Pass
Audited by Gen Agent Trust Hub on Feb 19, 2026
Risk Level: SAFE
Flagged categories: COMMAND_EXECUTION, DATA_EXFILTRATION
Full Analysis
- Command Execution (SAFE): The skill uses local shell commands (fd, jq) to discover files and parse the manifest.json within the project directory. These operations are constrained to the local file system and are standard for development workflows.
- Data Exfiltration (SAFE): The skill optionally uses the 'gh' CLI to create GitHub issues. While this transmits data (PRD summaries) to an external service, GitHub is a trusted platform and the data transmission is a user-initiated feature for project management.
- Indirect Prompt Injection (LOW): The skill analyzes untrusted content from README.md and other project documents. This presents an attack surface where malicious instructions embedded in a README could influence the generated PRD. Evidence:
  1. Ingestion points: README.md, package manifest files.
  2. Boundary markers: Not explicitly defined during LLM interpolation.
  3. Capability inventory: Bash execution and file write access.
  4. Sanitization: No explicit sanitization or escaping of ingested file content before PRD generation.
Audit Metadata