ai-agent-prd
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH
Findings: EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- EXTERNAL_DOWNLOADS (HIGH): The installation instructions (Option C) direct users to download content from an untrusted GitHub repository (okwinds/miscellany) which is not within the defined [TRUST-SCOPE-RULE].
- REMOTE_CODE_EXECUTION (HIGH): The use of 'npx openskills install' with an untrusted repository URL involves fetching and executing remote code on the local machine during the installation process.
- COMMAND_EXECUTION (MEDIUM): The usage guide includes a command that passes a user-supplied string ('Customer Support Agent') as a positional argument to a bash script; this presents a risk of command injection if the script does not properly sanitize its inputs.
- PROMPT_INJECTION (MEDIUM): The skill's primary function is to process untrusted PRD requirements and write files to the local system, creating a significant surface for indirect prompt injection (Category 8) where malicious inputs could manipulate the generated output or script behavior.
Recommendations
- AI detected serious security threats
Audit Metadata