mise-en-place
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Categories checked: PROMPT_INJECTION, EXTERNAL_DOWNLOADS
Full Analysis
- [PROMPT_INJECTION] (LOW): The skill is vulnerable to indirect prompt injection. It reads user-specified files and external web research data to generate a PRD. An attacker could place malicious instructions in a codebase file or on a web page the agent is likely to crawl, potentially influencing the output or subsequent agent actions.
- Ingestion points: SPEC.md, user prompts, and web research results from the 'Research' step.
- Boundary markers: None specified; the skill does not use delimiters to isolate external content from its instructions.
- Capability inventory: File system read access, web search capabilities, and file system write access (prd.json).
- Sanitization: No evidence of sanitization or content filtering before processing data into the final JSON output.
- [EXTERNAL_DOWNLOADS] (SAFE): The skill performs targeted web research to gather domain standards and security requirements. This is a core feature and does not involve downloading executable code or unverified packages.
Audit Metadata