prd-generator
Fail
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: HIGH
Tags: COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION
Full Analysis
- Command Execution (HIGH): User-controlled input (Project Name) is directly interpolated into shell commands in SKILL.md (Step 6). Evidence: 'mkdir -p ./prd_outputs/[Project Name]/' and 'npx md-to-pdf "./prd_outputs/[Project Name]/[project_name]_PRD.md"'. This allows an attacker to execute arbitrary commands by including shell metacharacters such as backticks or subshells in the project name.
- External Downloads (MEDIUM): The skill uses 'npx md-to-pdf' to generate PDF output. Evidence: Step 6c of SKILL.md. This command fetches and executes code from the npm registry at runtime without pinning to a specific version, creating a supply chain risk.
- Remote Code Execution (HIGH): The lack of shell escaping or sanitization when constructing command lines with user data allows for full arbitrary code execution on the host system.
- Indirect Prompt Injection (LOW): The skill has an exploitable attack surface for indirect prompt injection via the project name parameter.
- Ingestion points: Product name and description provided by the user.
- Boundary markers: None present to isolate data from command logic.
- Capability inventory: Shell execution ('mkdir', 'npx').
- Sanitization: No escaping or validation of user data before shell interpolation.
Recommendations
- AI detected serious security threats
Audit Metadata