prd
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION] (LOW): The skill executes the shell command
open -a Typora PRD.md. This is a local command execution used to launch a third-party application. While the command and file path are hardcoded, providing execution capabilities always carries a baseline risk. - [PROMPT_INJECTION] (LOW): Indirect Prompt Injection surface detected through the analysis of external files.
- Ingestion points: The skill reads the content of
PROBLEM.mdand uses an 'Explore' subagent to scan the local codebase. - Boundary markers: No explicit delimiters or instructions to ignore embedded commands are present when the agent processes these files.
- Capability inventory: The skill can write to the filesystem (
PRD.md), execute shell commands (open), and spawn additional subagents. - Sanitization: There is no evidence of sanitization or filtering of the content read from
PROBLEM.mdor the codebase before it is used to influence the agent's output or the subagent's behavior.
Audit Metadata