blueprint-prp-execute

Fail

Audited by Gen Agent Trust Hub on Mar 2, 2026

Risk Level: HIGH
Findings: COMMAND_EXECUTION, PROMPT_INJECTION, DATA_EXFILTRATION
Full Analysis
  • [COMMAND_EXECUTION]: The skill's primary workflow involves extracting and running arbitrary shell commands from docs/prps/{prp-name}.md files.
  • Evidence: In SKILL.md (Steps 2 and 4), the agent is instructed to run [command from PRP] and [cmd] via the Bash tool.
  • Evidence: The Context section uses shell execution markers (!) to run find and grep commands using the user-provided prp-name argument.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection as it relies on untrusted markdown files to drive its execution logic and command parameters.
  • Ingestion points: docs/prps/{prp-name}.md and docs/blueprint/feature-tracker.json.
  • Boundary markers: Absent. There are no delimiters or instructions to ignore malicious embedded directives when the agent processes the PRP content.
  • Capability inventory: High-privilege access via Bash (shell), Write/Edit (filesystem), and gh (GitHub interaction).
  • Sanitization: Absent. The skill does not validate or sanitize the commands extracted from the documentation before execution.
  • [DATA_EXFILTRATION]: The combination of arbitrary shell command execution and the availability of the gh (GitHub) CLI tool allows for data exfiltration.
  • Evidence: A malicious PRP file could specify a command that pipes sensitive environment variables or source code to an external repository or endpoint via gh issue create or standard shell tools like curl (if available via Bash).
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level: HIGH
Analyzed: Mar 2, 2026, 01:16 AM