prd-generator
Pass
Audited by Gen Agent Trust Hub on Apr 10, 2026
Risk Level: SAFE
Full Analysis
- [PROMPT_INJECTION]: The skill implements a template-based generation system that processes user-provided feature descriptions. This presents a potential surface for indirect prompt injection where malicious instructions could be embedded in the product specifications.
  - Ingestion points: Processes feature names, descriptions, and problem statements as structured JSON input in README.md and SKILL.md.
  - Boundary markers: The provided templates do not currently employ explicit boundary markers or instructions to ignore embedded commands within user data.
  - Capability inventory: The skill is configured with access to Read, Write, Edit, and Bash tools as specified in the SKILL.md metadata.
  - Sanitization: No specific input validation or sanitization routines are defined in the analyzed documentation.
- [EXTERNAL_DOWNLOADS]: The documentation includes references and links to external resources, documentation, and community-maintained repositories for product management integrations, including Notion, ChatPRD, and GitHub-based MCP servers. These are provided for reference purposes and do not involve automated execution of untrusted code.