prd-status

Warn

Audited by Gen Agent Trust Hub on May 10, 2026

Risk Level: MEDIUM (COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
  • [COMMAND_EXECUTION]: The skill instructs the agent to execute a Python script located at a path that resolves outside the skill's own directory through the use of directory traversal pointers. The files checks, commands, modules, scripts, and support all contain relative path references (../../) that map the skill's components to the parent directory environment. This allows the skill to execute code and access modules from the broader filesystem beyond its own root.
  • [PROMPT_INJECTION]: The skill exposes an indirect prompt injection surface by ingesting documentation from the filesystem without security controls.
      • Ingestion points: PRD documentation files located in the docs/prd-helper directory (specified by the --docs-root argument in the status command).
      • Boundary markers: Absent. The skill does not use delimiters or instructions to ignore embedded commands within the ingested PRD data.
      • Capability inventory: The skill has access to the Bash tool, allowing for shell command execution.
      • Sanitization: None. There is no evidence of validation or sanitization of the documentation content before it is processed by the agent.
Audit Metadata
  • Risk Level: MEDIUM
  • Analyzed: May 10, 2026, 04:23 AM