oh-pdd-prd-analysis
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE, PROMPT_INJECTION
Full Analysis
- Prompt Injection (LOW): The skill is susceptible to Indirect Prompt Injection (Category 8) because its primary function is to process untrusted external data (PRD documents).
  - Ingestion points: The skill accepts a `{PRD文件路径}` as input in `SKILL.md` and processes the file content to generate reports.
  - Boundary markers: There are no explicit delimiters or instructions to ignore embedded prompts within the analyzed PRD file mentioned in `SKILL.md` or `references/prd_format.md`.
  - Capability inventory: The skill possesses the capability to read local files and generate/write output files (e.g., `prd_analysis_report.md`).
  - Sanitization: No sanitization logic is present to filter or escape instructions that might be maliciously embedded in the PRD content (e.g., hidden instructions in markdown comments).
- Command Execution (SAFE): While `references/completeness_rules.md` contains bash and python snippets under the 'Auto-verification commands' section, these are presented as documentation and reference logic for the AI to emulate or for the user to run manually. They do not involve execution of untrusted remote content or unsanitized user input.