skills/wcof/pmskill/pm-sketch/Gen Agent Trust Hub

pm-sketch

Pass

Audited by Gen Agent Trust Hub on Jul 2, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill generates interactive prototypes that reference library resources from well-known technology services.
  • Evidence: Templates in references/prototype-templates.md include script tags for unpkg.com, cdnjs, and jsdelivr to load Vue, React, and Babel.
  • [COMMAND_EXECUTION]: The skill automates a complex workflow by orchestrating the execution of several internal sub-skills.
  • Evidence: Sequential calls to /pm-ia, /pm-state, /pm-flow, and /pm-wireframe to generate various diagram types.
  • [PROMPT_INJECTION]: The skill ingests untrusted project documentation to derive its visualization outputs, creating an exposure surface for indirect prompt injection.
  • Ingestion points: Reads product context from docs/pm-context/pm-context.md.
  • Boundary markers: No explicit delimiters or instructions are used to ignore embedded commands within the ingested file.
  • Capability inventory: Ability to read file system metadata, write markdown and HTML files, and chain internal commands.
  • Sanitization: No sanitization or filtering of the source context is documented.
  • [SAFE]: The skill behavior is consistent with its primary purpose of generating design artifacts. All data access is restricted to non-sensitive project configuration files, and network operations are limited to referencing well-known public CDNs.
Audit Metadata
Risk Level
SAFE
Analyzed
Jul 2, 2026, 01:10 AM
Security Audit — agent-trust-hub — pm-sketch