pm-need
Pass
Audited by Gen Agent Trust Hub on Jul 2, 2026
Risk Level: SAFECOMMAND_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill uses shell commands like
rm -rfandmkdir -pto manage internal project directories for temporary data storage. - [DATA_EXFILTRATION]: The skill performs a 'Project Deep Scan' that accesses sensitive files and metadata, including git commit history, source code comments (TODO/FIXME), and configuration files like
package.jsonordocker-compose.ymlwhich may contain infrastructure details. - [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection due to its automated ingestion of untrusted external content.
- Ingestion points: Processes external URLs provided in user input and scans project-level metadata such as Issue/PR descriptions and git history.
- Boundary markers: No explicit delimiters or instructions to ignore embedded commands are used when processing the collected data.
- Capability inventory: The skill possesses the ability to modify the file system (via
rmandmkdir) and orchestrate further downstream tasks like PRD generation and prototyping. - Sanitization: No sanitization or validation of the fetched URL content or project metadata is mentioned before it is processed by the refinement logic.
Audit Metadata