peach-gen-spec
Warn
Audited by Gen Agent Trust Hub on Mar 16, 2026
Risk Level: MEDIUM | PROMPT_INJECTION | DATA_EXFILTRATION
Full Analysis
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection.
  - Ingestion points: User requirements gathered through the 6-step 'AskUserQuestion' process in SKILL.md.
  - Boundary markers: Absent; user input is directly interpolated into placeholders within assets/prd-template.md.
  - Capability inventory: The skill utilizes the 'Write' tool to save generated documents to the local file system.
  - Sanitization: No sanitization or validation of user-provided content is performed before writing to disk.
- [DATA_EXFILTRATION]: The skill reads from the sensitive local file 'api/src/environments/env.local.yml'. Although used to detect the database type (PostgreSQL or MySQL) for schema formatting, reading environment files constitutes a data exposure risk. No external network exfiltration was detected.