test-cases
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGHPROMPT_INJECTION
Full Analysis
- [Indirect Prompt Injection] (HIGH): The skill is vulnerable to instructions embedded within the PRD documents it processes.
- Ingestion points: Step 1 reads PRD files from user-provided paths using the Read tool.
- Boundary markers: Absent; the skill does not use delimiters or provide instructions to the agent to ignore embedded commands within the PRD.
- Capability inventory: The skill has access to both Read and Write tools, enabling it to modify the local file system.
- Sanitization: No sanitization or escaping of the ingested PRD content is specified before the agent generates output.
Recommendations
- AI detected serious security threats
Audit Metadata