review-prd

Pass

Audited by Gen Agent Trust Hub on Mar 16, 2026

Risk Level: SAFE (COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes local Python scripts parse_docs.py and generate_report.py via the command line to handle document conversion and report generation. This is a standard and documented part of the skill's workflow.
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it ingests and processes untrusted data from external documents.
      • Ingestion points: The skill reads content from .docx, .xlsx, and .md files provided by the user in a specified directory.
      • Boundary markers: No specific delimiters or "ignore instructions" warnings are used to separate the document content from the agent's instructions.
      • Capability inventory: The skill has the capability to execute shell commands (python) and write files to the local filesystem via the provided scripts.
      • Sanitization: There is no evidence of sanitization or filtering of the text extracted from the documents before it is processed by the AI.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Mar 16, 2026, 08:59 AM