product-design

Pass

Audited by Gen Agent Trust Hub on Feb 25, 2026

Risk Level: SAFE
Finding category: PROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill processes untrusted user-provided feature requests and persists the resulting requirements into local project files (specs/product_specs.md). This creates a surface for indirect prompt injection, where a user could embed instructions in the request text that then affect downstream processes reading the persisted file.
  • Ingestion points: Step 1 and Step 2 involve processing user-supplied feature and requirement descriptions in the SKILL.md workflow.
  • Boundary markers: The skill does not define specific delimiters or instructions to ignore embedded commands within user input before processing.
  • Capability inventory: The skill uses the str_replace tool to write content to the file system (specifically the specs/ directory).
  • Sanitization: No explicit sanitization or validation of the user-provided text is performed before it is committed to the PRD.
Audit Metadata
Risk Level
SAFE
Analyzed
Feb 25, 2026, 09:41 PM