prd-studio
Pass
Audited by Gen Agent Trust Hub on Apr 3, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it ingests and processes untrusted documentation from the local project workspace to inform its writing and review processes.
  - Ingestion points: The context collection phase in references/writer/guide.md uses Glob to scan for and read PRD, HLD, and API documentation files from the workspace.
  - Boundary markers: The prompt templates for the Writer, Reviewer, and Fixer subagents do not include explicit delimiters or instructions to the LLM to disregard potentially adversarial instructions embedded within the ingested file content.
  - Capability inventory: The skill possesses capabilities for file system access (reading and writing files in the workflow/ directory), performing web searches via WebSearch, and managing task orchestration through subagents.
  - Sanitization: No sanitization, filtering, or validation is performed on the content of the external files before they are provided to the subagents for processing.
- [EXTERNAL_DOWNLOADS]: The skill uses a web search tool to gather industry best practices during the context collection phase.
  - Evidence: references/writer/guide.md uses the WebSearch tool to look up industry standards for requirement types. This is an expected and benign behavior for its documented purpose of improving PRD quality.
Audit Metadata