blueprint-prp-create
Pass
Audited by Gen Agent Trust Hub on Mar 2, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill uses the Bash tool for local project state management and utility operations.
- It executes 'test' and 'find' to verify the existence of the blueprint directory structure and locate existing documentation.
- It uses 'jq' and 'awk' to read and increment sequential ID counters stored in 'docs/blueprint/manifest.json'.
- [EXTERNAL_DOWNLOADS]: The skill uses 'WebSearch' and 'WebFetch' to gather research data from the internet.
- It retrieves official documentation, community discussions (Stack Overflow, GitHub), and best practices to inform the product requirement prompt.
- [PROMPT_INJECTION]: The skill presents a surface for indirect prompt injection as it processes untrusted data from the web and incorporates it into a prompt packet (PRP) intended for later execution.
- Ingestion points: External data retrieved via 'WebSearch' and 'WebFetch' in Step 3.
- Boundary markers: No explicit delimiters or instructions to ignore embedded commands within the fetched content are defined in the workflow.
- Capability inventory: The skill utilizes 'Write' for file creation and 'Bash' for local utility execution.
- Sanitization: There is no mention of sanitizing or escaping the content fetched from the web before it is written into the PRP Markdown document.
Audit Metadata