prd-interview
Pass
Audited by Gen Agent Trust Hub on Feb 27, 2026
Risk Level: SAFE
PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection due to how it handles external data.
- Ingestion points: User responses collected via the `AskUserQuestion` tool and existing PRD files processed during the `/prd-builder:refine` operation.
- Boundary markers: The instructions do not define any delimiters (such as XML tags or triple quotes) or negative constraints to prevent the agent from obeying instructions embedded within the user's answers or the documents being refined.
- Capability inventory: The skill can perform local file writes to `.taskmanager/` and `docs/prd/`, and it can trigger the `/taskmanager:plan` and `/taskmanager:run` tools.
- Sanitization: There is no evidence of input validation, escaping, or filtering of the content provided by users or found in external files before it is used to generate the final PRD or the subsequent task list.
- [COMMAND_EXECUTION]: The skill provides a direct path to autonomous execution via the `/taskmanager:run` command. While this is behind a user confirmation prompt, the lack of sanitization in the task generation phase means that malicious instructions injected into a PRD could potentially be translated into dangerous executable tasks that the user might inadvertently authorize.
Audit Metadata