prd-maker
Pass
Audited by Gen Agent Trust Hub on May 4, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface where untrusted data from web research can influence the generated planning documents.
- Ingestion points: Files like prd.md and sources.md are populated using context from the user and potentially live web search results.
- Boundary markers: The skill lacks explicit boundary markers or instructions for the agent to ignore malicious patterns within the ingested research data.
- Capability inventory: The script scripts/build-preview.mjs reads these files and generates a preview.html file on the local filesystem.
- Sanitization: The internal markdown renderer within assets/preview.template.html uses a regular expression to convert markdown links to HTML anchors without validating the URL scheme, potentially allowing the injection of javascript: URIs if malicious content is included in the PRD.
- [COMMAND_EXECUTION]: The skill executes local Node.js scripts (scripts/build-preview.mjs and scripts/render-planning-map.mjs) to process data and generate files. These scripts perform filesystem operations based on user-controlled directory paths.
Audit Metadata