prd-loader

Pass

Audited by Gen Agent Trust Hub on Apr 13, 2026

Risk Level: SAFE
Findings: DATA_EXFILTRATION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection. It retrieves content from external URLs or local files and writes it directly into the workspace. If the source content contains malicious instructions, they could influence downstream agent tasks that process this file.
  • Ingestion points: The skill uses the WebFetch and Read tools to ingest data from URLs or file paths provided in the $ARGUMENTS variable.
  • Boundary markers: While it wraps the output in a Markdown file with a YAML header, it does not implement specific delimiters or instructions to the agent to disregard embedded commands in the PRD content.
  • Capability inventory: The skill possesses extensive capabilities, including Write, Edit, and Bash tool access.
  • Sanitization: No sanitization, filtering, or validation is performed on the content before it is stored in the workspace.
  • [DATA_EXFILTRATION]: The skill has the capability to read arbitrary local files using the Read tool based on paths passed via $ARGUMENTS. If a malicious or compromised orchestrator provides paths to sensitive files (e.g., ~/.ssh/config, .env), the skill will load and write that data into the workspace.
  • [EXTERNAL_DOWNLOADS]: The skill uses the WebFetch tool to download data from arbitrary, user-supplied URLs. This content is then used to populate the local workspace environment without further validation.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 13, 2026, 11:26 AM