blueprint-prp-create
Pass
Audited by Gen Agent Trust Hub on Apr 21, 2026
Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill utilizes dynamic context injection (the !command syntax) in the SKILL.md file to gather environment state such as checking for the existence of the blueprint manifest and existing PRDs. These commands are scoped to the project's documentation directories.
- [EXTERNAL_DOWNLOADS]: The skill uses WebSearch and WebFetch tools to research external library documentation and community best practices. These tools are used to gather data from the public internet.
- [PROMPT_INJECTION]: The skill implements a workflow that processes untrusted data from external websites (Step 3) to generate product requirements (Step 5). This creates an attack surface for indirect prompt injection where malicious instructions embedded in web content could attempt to influence the agent's output.
  - Ingestion points: Content retrieved via WebFetch and WebSearch from third-party documentation and forums in SKILL.md Step 3.
  - Boundary markers: Absent. The skill does not explicitly use delimiters to isolate untrusted external content.
  - Capability inventory: The skill has file-writing capabilities (Write tool) and local command execution capabilities (Bash tool).
  - Sanitization: Absent. There is no evidence of validation or filtering of the fetched external content before it is used to draft the PRP document.