prd-relate

Warn

Audited by Gen Agent Trust Hub on May 10, 2026

Risk Level: MEDIUMCOMMAND_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
  • [DATA_EXFILTRATION]: The skill's file structure (files: checks, commands, modules, scripts, support) consists entirely of relative path references (../../). This is a directory traversal pattern designed to break out of the skill's specific directory to access parent folders. This can expose sensitive configurations or data belonging to other skills or the agent's core environment.
  • [COMMAND_EXECUTION]: The skill invokes python3 via the Bash tool to run a local script (prd-command-dispatch.py). The instructions also direct the agent to search for and execute this script in alternative directories if the skill is installed elsewhere, which presents a risk of executing code from untrusted or unexpected paths.
  • [PROMPT_INJECTION]: The skill demonstrates a vulnerability to indirect prompt injection.
  • Ingestion points: The skill reads facts and rules from modules/relate/guide.md, which is accessed via a path-traversal link.
  • Boundary markers: There are no explicit delimiters or instructions provided to the agent to ignore potentially malicious content within these documents.
  • Capability inventory: The agent has access to the Bash tool and file-writing capabilities.
  • Sanitization: No evidence of sanitization or validation of the ingested content is present, allowing instructions within the documentation to potentially influence agent behavior.
Audit Metadata
Risk Level
MEDIUM
Analyzed
May 10, 2026, 04:23 AM
Security Audit — agent-trust-hub — prd-relate