skills/wcof/pmskill/pm-need/Gen Agent Trust Hub

pm-need

Pass

Audited by Gen Agent Trust Hub on Jul 2, 2026

Risk Level: SAFECOMMAND_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses shell commands like rm -rf and mkdir -p to manage internal project directories for temporary data storage.
  • [DATA_EXFILTRATION]: The skill performs a 'Project Deep Scan' that accesses sensitive files and metadata, including git commit history, source code comments (TODO/FIXME), and configuration files like package.json or docker-compose.yml which may contain infrastructure details.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection due to its automated ingestion of untrusted external content.
  • Ingestion points: Processes external URLs provided in user input and scans project-level metadata such as Issue/PR descriptions and git history.
  • Boundary markers: No explicit delimiters or instructions to ignore embedded commands are used when processing the collected data.
  • Capability inventory: The skill possesses the ability to modify the file system (via rm and mkdir) and orchestrate further downstream tasks like PRD generation and prototyping.
  • Sanitization: No sanitization or validation of the fetched URL content or project metadata is mentioned before it is processed by the refinement logic.
Audit Metadata
Risk Level
SAFE
Analyzed
Jul 2, 2026, 01:10 AM
Security Audit — agent-trust-hub — pm-need