skills/rodrigooslp/skills/review-prd/Gen Agent Trust Hub

review-prd

Pass

Audited by Gen Agent Trust Hub on May 16, 2026

Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it reads content from external files and interpolates it directly into instructions for subagents. A malicious payload within a PRD file could influence the behavior of the subagents or the primary agent during the consolidation and application of changes.
      • Ingestion points: The skill reads plans/<plan-name>/README.md and AGENTS.md from the local repository.
      • Boundary markers: The prompts used to spawn subagents interpolate file content without secure delimiters and without instructions to ignore commands embedded in the data.
      • Capability inventory: The skill can read and write files (plans/<plan-name>/README.md) and initiate new subagent tasks.
      • Sanitization: There is no evidence of sanitization, escaping, or validation of the file content before it is processed by the LLM.
Audit Metadata
Risk Level: SAFE
Analyzed: May 16, 2026, 12:06 AM