tad-generator
Warn
Audited by Gen Agent Trust Hub on May 3, 2026
Risk Level: MEDIUMCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill attempts to execute a local script
python3 scripts/update_readme_ideas_index.pyduring Phase 6 of the workflow if it exists in the project directory. This behavior allows for the execution of arbitrary code if the project directory contains a malicious script with that name, as the agent does not verify the content of the script before execution. - [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it ingests untrusted project data (PRDs and supporting documents) and has significant capabilities including file system writes and shell command execution.
- Ingestion points:
prd.md,idea.md, andvalidate.mdare read byagents/prd-reader.mdto extract requirements. - Boundary markers: The skill lacks explicit delimiters or instructions to ignore embedded agent-steering commands within the processed project files.
- Capability inventory: The skill uses
gitfor branch management, stashing, and pushing changes, and executes local Python scripts in the project directory. - Sanitization: There is no evidence of sanitization or validation of the content extracted from the product requirements files before it is used to influence agent reasoning and document generation.
Audit Metadata