pm-prd-write
Pass
Audited by Gen Agent Trust Hub on Feb 26, 2026
Risk Level: SAFE [COMMAND_EXECUTION] [PROMPT_INJECTION]
Full Analysis
- [COMMAND_EXECUTION]: The skill executes several local bash scripts (e.g., validate-prd.sh, id-generator.sh, asset-handler.sh) located in the plugin's root directory and performs file operations like directory creation and writing to disk.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection as it incorporates untrusted user input into generated documents.
  1. Ingestion points: Initiative description provided via the $ARGUMENTS variable.
  2. Boundary markers: None (no explicit delimiters used to isolate user input).
  3. Capability inventory: Bash (file/directory operations), Write (to output paths), and Edit (config files).
  4. Sanitization: No sanitization is performed on the primary input text.

  Additionally, there is a discrepancy between the allowed-tools metadata and the bash commands used in the execution steps.
Audit Metadata