prd-writer
Pass
Audited by Gen Agent Trust Hub on Mar 1, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill includes a local shell script,
scripts/new_prd.sh, designed to create and initialize PRD files. This script usesperlfor string substitution, interpolating the PRD title directly into a command string, which presents a potential injection risk if the input contains special shell or regex characters. - [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface through its requirement to scan and read existing repository documentation.
- Ingestion points: The workflow's 'Step 0' involves the agent searching for and potentially reading content from directories such as
docs/,specs/, andadr/to align with project conventions. - Boundary markers: No delimiters or safety instructions are provided to ensure the agent ignores malicious instructions that might be contained within existing project files.
- Capability inventory: The skill is capable of executing local scripts, creating directories, and writing or copying files to the local file system.
- Sanitization: Although the script generates a slug for the filename, the title string is not sanitized before being used in the
perlin-place modification command.
Audit Metadata