prd-generation
Pass
Audited by Gen Agent Trust Hub on Feb 28, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it ingests and processes untrusted data from external sources without sufficient isolation.
- Ingestion points: Step 1 in
SKILL.mddescribes ingesting "upstream artifacts" (such as output from problem-framing or user-modeling) and "raw input" from the user. - Boundary markers: The instructions lack explicit delimiters or specific directives to treat the ingested data solely as data and to ignore any embedded instructions.
- Capability inventory: The skill utilizes the
Writetool to automatically save the generated PRD to the filesystem atdesign/05-prd.md. - Sanitization: There is no evidence of sanitization, validation, or filtering of the ingested content to prevent malicious or malformed instructions from affecting the generated output.
Audit Metadata