prd-to-appspec

Pass

Audited by Gen Agent Trust Hub on Jun 16, 2026

Risk Level: SAFE
Findings: PROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill exhibits a vulnerability to indirect prompt injection because its core functionality involves the ingestion and transformation of untrusted external documents (PRDs).
  • Ingestion points: The workflows/convert-prd.md file (Step 1) instructs the agent to "Read the entire PRD file" from a user-provided path.
  • Boundary markers: The workflow lacks instructions for the agent to use delimiters or specific headers to isolate the PRD content from its system instructions, increasing the risk that instructions embedded in the PRD might be executed.
  • Capability inventory: The skill utilizes the agent's ability to read local files and write output to a file (prompts/app_spec.txt).
  • Sanitization: There are no mentions of sanitization, filtering, or validation steps for the input content before processing.
  • [PROMPT_INJECTION]: The skill-report.json file contains self-referential content designed to influence the analyzer. The "security_audit" section explicitly claims a "safe" risk level and dismisses potential findings as false positives, which is a technique used to evade security scrutiny.
Audit Metadata
Risk Level: SAFE
Analyzed: Jun 16, 2026, 07:24 AM
Security Audit — agent-trust-hub — prd-to-appspec