blueprint-prp-create

Warn

Audited by Socket on Mar 2, 2026

1 alert found:

Security: MEDIUM (SKILL.md)

This skill is functionally coherent with its stated purpose: creating a PRP by reading local docs and code patterns, researching external docs, and writing a PRP markdown file while updating a manifest. There are no direct indicators of malicious intent such as hardcoded attacker endpoints, download-and-execute chains, or obfuscated payloads. However, the combination of read/write access to repository files, allowed shell execution (Bash), and outbound network capabilities (WebFetch/WebSearch) increases the attack surface. The primary risks are accidental exposure of repository secrets during broad exploration and the potential for automation to run commands or update files without strict human review. Mitigations: restrict the Explore scope, explicitly filter/redact secrets from outputs, require explicit user confirmation before running destructive or networked commands, and log/preview any manifest or PRP changes before writing.

Confidence: 75%
Severity: 75%
Audit Metadata
Analyzed At
Mar 2, 2026, 01:06 AM
Package URL
pkg:socket/skills-sh/laurigates%2Fclaude-plugins%2Fblueprint-prp-create%2F@a340c0b4cac17d41a48b80ef310f830c7038cf97