prd-authoring
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH (COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION)
Full Analysis
- [PROMPT_INJECTION] (HIGH): Indirect Prompt Injection vulnerability.
  - Ingestion points: The 'research' and 'create-prd' commands read the full content of 'product-brief.md' and 'research.md' (SKILL.md).
  - Boundary markers: No delimiters or 'ignore embedded instructions' warnings are utilized when interpolating file content into prompts.
  - Capability inventory: The skill has the capability to execute commands via the Gemini CLI and write files to the local 'docs/prds/' directory.
  - Sanitization: There is no evidence of sanitization or validation of the input file content before it is processed by the AI.
- [COMMAND_EXECUTION] (MEDIUM): The skill executes 'bash scripts/prd-authoring.sh' using arguments like 'project-name'. This presents a risk of shell command injection if the script does not correctly handle or escape these arguments.
- [EXTERNAL_DOWNLOADS] (LOW): The skill requires the 'gemini' CLI tool. While the 'google-gemini' organization is a trusted source, the dependency on an external binary increases the attack surface (Prerequisites section).
Recommendations
- AI detected serious security threats
Audit Metadata