write-a-prd
Pass
Audited by Gen Agent Trust Hub on Feb 20, 2026
Risk Level: SAFEPROMPT_INJECTIONNO_CODE
Full Analysis
- [Prompt Injection] (LOW): The skill is vulnerable to indirect prompt injection from repository content. (1) Ingestion points: The agent reads repository files in Step 2 to verify assertions and understand codebase state. (2) Boundary markers: No delimiters or instructions to ignore embedded commands are present when processing repo files. (3) Capability inventory: The agent has repository read access and the ability to post content to GitHub issues. (4) Sanitization: There is no logic to sanitize or escape data retrieved from the repository before it is used to generate the PRD output.
Audit Metadata