prd-generator
Fail
Audited by Gen Agent Trust Hub on Mar 3, 2026
Risk Level: HIGH (COMMAND_EXECUTION, EXTERNAL_DOWNLOADS)
Full Analysis
- [COMMAND_EXECUTION]: The skill incorporates user-provided product names directly into shell commands for folder creation (`mkdir`) and PDF generation (`npx md-to-pdf`) in SKILL.md. This allows for command injection if a user provides a name containing shell metacharacters such as backticks or semicolons.
  - Ingestion points: User input defining the product and project name in SKILL.md.
  - Boundary markers: None present; user-supplied strings are interpolated directly into shell command templates without delimiters or warnings.
  - Capability inventory: Access to system shell for directory management and package execution.
  - Sanitization: None; the instructions do not include steps to escape, validate, or sanitize the user input before it is used in command-line arguments.
- [EXTERNAL_DOWNLOADS]: The skill triggers the download and execution of the `md-to-pdf` package from the npm registry using `npx`. While the registry is a well-known service, the dynamic execution of external code combined with user-controlled file paths significantly increases the risk of exploitation or supply-chain concerns.
Recommendations
- AI detected serious security threats
Audit Metadata