Security audit

Requirement Sharpening Stone

Security checks across malware telemetry and agentic risk

Overview

This PRD workflow skill is purpose-aligned and disclosed, but users should be aware it can create Feishu documents, use web search, read local project context, and write local process logs.

Install only if you are comfortable with PRD content being written to Feishu or local Markdown and with small local stage logs being kept. For confidential projects, ask the agent to avoid web search, avoid reading unrelated repository files, and disable or review local experience-base logging before use.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (7)

Vague Triggers
Severity: Medium
Confidence: 84%
Finding: The trigger phrases are broad enough that ordinary requests such as 'help me write a PRD' could silently activate a workflow with document creation, local file writes, and external lookups. Overbroad invocation increases the chance of unintended tool use and data handling without sufficiently informed user intent.

Vague Triggers
Severity: Medium
Confidence: 82%
Finding: The examples are generic and do not clearly separate advisory drafting from workflows that persist data or invoke networked tools. Ambiguous activation criteria can cause the skill to run in contexts where the user only wanted brainstorming, leading to unintended access or storage behavior.

Missing User Warnings
Severity: Medium
Confidence: 91%
Finding: The skill advertises local Markdown output as a fallback but does not require an explicit user confirmation before modifying local files. This can lead to unintended persistence of sensitive project information on disk, especially when cloud document creation fails.

Missing User Warnings
Severity: Medium
Confidence: 95%
Finding: The skill mandates persistent logging of stage outcomes into an experience base without any user-facing warning, retention limits, or sensitivity filtering. Because PRD work often contains roadmap, business, and partner information, silent retention materially raises confidentiality and privacy risk.

Missing User Warnings
Severity: Medium
Confidence: 89%
Finding: The skill includes external information retrieval via web search but does not warn the user that queries may transmit project context outside the local environment. For product planning content, even limited outbound queries can reveal confidential initiatives or partner names.

Ssd 3
Severity: Medium
Confidence: 96%
Finding: The instruction to automatically write stage logs into a persistent experience-base directory creates a real data-handling vulnerability because it stores user project metadata by default. In a PM/PRD skill, those logs may contain confidential strategy, timelines, and decision history that persist beyond the session without clear authorization.

Ssd 3
Severity: High
Confidence: 98%
Finding: This section explicitly directs capture of full interaction content, modifications, compliance results, and derived summaries for ongoing learning. That creates significant confidentiality and privacy exposure because rich user inputs and business decisions are retained and repurposed, potentially far beyond the user's immediate task expectations.

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal