Security audit

Product Monster PRD

Security checks across malware telemetry and agentic risk

Overview

This PRD-writing skill is purpose-aligned, but users should notice that its diagram workflow can create or overwrite local diagram files.

Install if you want a PRD assistant that can also produce diagram artifacts. Keep PRDs under version control, avoid running the referenced local Python helper unless you have inspected it, and be aware that opening the Mermaid HTML template may load code from a CDN.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Description-Behavior Mismatch

Medium
Confidence: 91%
Finding
On its surface the skill is a PRD writing/review tool, but the documentation explicitly introduces file-modification capabilities: automatically scanning PlantUML, compiling it to PNG, creating directories and writing results back into the documents. This capability boundary clearly exceeds pure text generation. For users it means that invoking a writing skill may trigger local file-system writes and content overwrites; if this is not adequately disclosed or scoped, it can easily cause unexpected modifications, bulk rewrites, or abuse through embedded content.

Context-Inappropriate Capability

Medium
Confidence: 89%
Finding
The documentation requires executing a local script and depends on PlantUML being installed on the system, which extends a content-authoring skill into a tool that can trigger local program execution and batch file processing. Although the instructions contain no directly malicious commands, this design enlarges the attack surface: if the script's behavior is opaque, the scan scope is too broad, or the input content is externally controllable, it can lead to file modifications beyond what was intended, resource consumption, or execution-chain risks.

Missing User Warnings

Medium
Confidence: 94%
Finding
The documentation describes automatically creating `plantuml-images/` and automatically overwriting images, but it does not prominently warn at the relevant points that this is actual file writing and overwriting behavior. For users who expect only a text PRD to be generated, such silent modification carries the risk of data loss, version-history pollution, or accidental changes to project assets, and it is especially dangerous in shared directories or where resources with the same name already exist.

Missing User Warnings

Medium
Confidence: 95%
Finding
The manual generation step states that the script scans all PRD files and regenerates the images, which is a typical batch-modification operation, yet the documentation lacks a prominent statement of scope, a risk notice, and a confirmation step. Batch-processing capability is especially dangerous when the workspace is large, directories are mixed, or file naming is inconsistent, and it can cause widespread unintended rewrites.

VirusTotal

65/65 vendors flagged this skill as clean.

Static analysis

No suspicious patterns detected.