paw-ps-publish-ready-check
Pass
Audited by Gen Agent Trust Hub on Apr 24, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it ingests and processes untrusted data from product workspace files (briefs, bundles, and context) without explicit boundary markers or sanitization logic. An attacker could embed instructions within these files to manipulate the readiness verdict or inject malicious content into the generated HTML reports.\n
- Ingestion points: The skill reads several user-controlled files including
product-context.md,product-brief.md,product-decisions.md, and various files within thebundle/directory.\n - Boundary markers: Absent. The skill instructions do not specify the use of delimiters or warnings to ignore embedded instructions when reading external project content.\n
- Capability inventory: The skill performs file reads and writes within the local workspace directory, including the generation of structured HTML and Markdown reports.\n
- Sanitization: Absent. Content from the product files is scored and interpreted directly without evidence of escaping, filtering, or validation before being included in the final verdict and reports.
Audit Metadata