Back to skill

Security audit

PRD FullStack Skill

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed PRD-document workflow with local template/build scripts; its main risks are broad activation wording and privacy gaps in example PRD content, not hidden or malicious behavior.

Install is reasonable if you want a Chinese PRD-generation workflow. Review generated PRDs before implementation, especially analytics, login logs, voice input, identifiers, retention, consent, and privacy compliance. Run the build scripts only in a project directory where generated files are expected.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (11)

Vague Triggers

Medium
Confidence
92% confidence
Finding
The trigger phrases are very broad and generic, so the skill may activate in conversations where a user is only casually mentioning PRDs rather than explicitly requesting this workflow. In an agent ecosystem, unintended activation can cause prompt takeover, unnecessary collection of user/project details, or inappropriate workflow insertion into unrelated tasks.

Vague Triggers

Low
Confidence
84% confidence
Finding
The repeated usage instructions reinforce vague trigger examples without defining strict activation conditions, increasing the chance of accidental invocation. While this is less severe than executable abuse, it can still degrade agent reliability and cause the wrong skill to intercept user requests.

Vague Triggers

Medium
Confidence
73% confidence
Finding
The activation phrases are broad enough that ordinary requests about writing a PRD could trigger the skill unintentionally. Unclear activation boundaries can cause the agent to enter a complex workflow unexpectedly, potentially changing behavior, collecting more information than needed, or invoking tooling tied to the skill context.

Vague Triggers

Medium
Confidence
80% confidence
Finding
The listed trigger keywords are generic and lack guardrails defining when the skill should or should not activate. In overlapping conversational contexts, this can lead to accidental invocation of a powerful multi-step workflow and any associated automation or file-generation behaviors.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The PRD specifies a voice-to-text feature for notes but does not describe consent, retention, third-party processing, or any privacy notice. Because voice input can involve sensitive personal data and often relies on platform or cloud speech services, this omission can lead to undisclosed collection or transmission of user data and non-compliant implementation.

Missing User Warnings

Medium
Confidence
83% confidence
Finding
The analytics section specifies collection of login-page views, login clicks, login successes, login failures, and failure reasons without any guidance on consent, minimization, retention, or avoiding sensitive data capture. In a login context, telemetry can expose authentication behavior and potentially sensitive operational metadata, creating privacy and security risks if over-collected, retained too long, or broadly accessible.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The login_log table stores IP address, user agent, and failure reasons, all of which are sensitive or potentially identifying data, but the PRD includes no privacy, retention, access-control, or protection requirements for that data. In an authentication system, such logs are valuable for defense but also become a high-value target for misuse, correlation, or leakage if not tightly governed.

Natural-Language Policy Violations

Medium
Confidence
93% confidence
Finding
The prompt is entirely written to drive the interaction in Chinese and does not offer the user a language preference or fallback. This can cause users to misunderstand outputs, miss important product or market details, and make incorrect business decisions, especially in multilingual or international use cases.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The telemetry schema explicitly recommends collecting persistent identifiers such as user_id, device_id, registration date, channel, and VIP level, but only gives a brief generic note to 'consider privacy' rather than requiring consent, minimization, retention limits, or jurisdiction-specific compliance. In a reusable PRD skill, this can normalize privacy-invasive tracking patterns and lead downstream teams to implement analytics that create unnecessary user profiling or violate privacy requirements.

Vague Triggers

Medium
Confidence
84% confidence
Finding
The trigger phrases are broad enough to overlap with ordinary user conversation, which can cause the skill to activate and emit canned templates when the user did not explicitly request them. In an agent setting, ambiguous activation can override user intent, inject large structured content into downstream workflows, and increase the chance of prompt/behavior hijacking through unintended tool use.

Vague Triggers

Medium
Confidence
87% confidence
Finding
Allowing the AI to 'proactively recommend' templates without defined conditions creates ambiguous self-activation behavior. In agent workflows this can steer conversations, prematurely insert structured outputs, and increase the risk of unintended actions or prompt injection paths because the model is authorized to change mode without a clear user request.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.