pm-sketch
Pass
Audited by Gen Agent Trust Hub on Jul 2, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill generates interactive prototypes that reference library resources from well-known technology services.
- Evidence: Templates in
references/prototype-templates.mdinclude script tags forunpkg.com,cdnjs, andjsdelivrto load Vue, React, and Babel. - [COMMAND_EXECUTION]: The skill automates a complex workflow by orchestrating the execution of several internal sub-skills.
- Evidence: Sequential calls to
/pm-ia,/pm-state,/pm-flow, and/pm-wireframeto generate various diagram types. - [PROMPT_INJECTION]: The skill ingests untrusted project documentation to derive its visualization outputs, creating an exposure surface for indirect prompt injection.
- Ingestion points: Reads product context from
docs/pm-context/pm-context.md. - Boundary markers: No explicit delimiters or instructions are used to ignore embedded commands within the ingested file.
- Capability inventory: Ability to read file system metadata, write markdown and HTML files, and chain internal commands.
- Sanitization: No sanitization or filtering of the source context is documented.
- [SAFE]: The skill behavior is consistent with its primary purpose of generating design artifacts. All data access is restricted to non-sensitive project configuration files, and network operations are limited to referencing well-known public CDNs.
Audit Metadata