blueprint
Fail
Audited by Gen Agent Trust Hub on Mar 23, 2026
Risk Level: HIGH
COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill generates and instructs the execution of system-level commands to create symbolic links across different operating systems.
  - Evidence: `workflows/create-symlink.md` provides templates for `ln -s` (Linux/macOS), `mklink /D` (Windows CMD), and `New-Item -ItemType SymbolicLink` (PowerShell).
  - Risk: The commands use unvalidated placeholders for directory paths, which could lead to command injection if a path contains shell metacharacters.
- [COMMAND_EXECUTION]: The skill explicitly requires elevated permissions for specific operations on Windows environments.
  - Evidence: `workflows/create-symlink.md` states that `mklink` and PowerShell symbolic link creation require "Administrator privileges" or "Developer Mode". This encourages the agent to seek or use high-privilege execution environments.
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it processes untrusted external content.
  - Ingestion points: `workflows/create-prd.md` accepts untrusted data from "initial prompt or attached files (txt, md, pdf)".
  - Boundary markers: Absent. The instructions define no delimiters and no warning to ignore instructions embedded within the provided data.
  - Capability inventory: The skill can write files to the project directory (`SKILL.md`, `workflows/create-prd.md`) and execute system commands for directory linking (`workflows/create-symlink.md`).
  - Sanitization: Absent. There is no validation or escaping of the content extracted from external files before the agent processes it to generate documentation.
Recommendations
- AI detected serious security threats
Audit Metadata