prd-writer
Pass
Audited by Gen Agent Trust Hub on Mar 1, 2026
Risk Level: SAFEPROMPT_INJECTIONEXTERNAL_DOWNLOADS
Full Analysis
- [PROMPT_INJECTION]: Indirect Prompt Injection vulnerability. The skill ingests data from several workspace files (e.g., product vision, strategic guardrails) to influence its PRD generation. This creates a surface where malicious content within those documents could steer the agent's behavior.\n
- Ingestion points: pm-workspace-docs/company-context/product-vision.md, pm-workspace-docs/company-context/strategic-guardrails.md, pm-workspace-docs/company-context/personas.md.\n
- Boundary markers: Absent. The skill does not implement specific delimiters or 'ignore' instructions when reading these files.\n
- Capability inventory: File system write access (pm-workspace-docs/initiatives/) and external API interaction via the Figma MCP tool.\n
- Sanitization: Absent. Content from the workspace is used directly in prompts and tool calls without filtering.\n- [EXTERNAL_DOWNLOADS]: Integrates with Figma, a well-known service, using an MCP tool to generate diagrams. This involves sending generated Mermaid syntax to Figma's API and receiving/storing a URL in _meta.json.
Audit Metadata