prd-writer
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- SAFE (SAFE): The skill performs legitimate text-based tasks including user interviews and document generation. All file operations are restricted to writing markdown files in the
.specs/docs/directory. - Indirect Prompt Injection (LOW): The skill is designed to ingest and process untrusted user input and data from other skills (design-builder, spec-driven) to populate a PRD template.
- Ingestion points: Phase 1 Discovery interview and Integration sections.
- Boundary markers: Absent; user input is directly synthesized into the draft.
- Capability inventory: File system write access for
.mdfiles. - Sanitization: Absent; no escaping or validation of user-provided strings is performed.
- Risk Assessment: While a surface for injection exists, the lack of executable capabilities or network access makes this a low-risk concern.
Audit Metadata