create-brownfield-prd
Pass
Audited by Gen Agent Trust Hub on Feb 23, 2026
Risk Level: SAFEPROMPT_INJECTIONDATA_EXFILTRATIONCOMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it ingests and processes untrusted data from the user's codebase without sufficient isolation.
- Ingestion points: The skill reads files, comments, and documentation from the directory provided in the 'project_root' input, as described in 'SKILL.md' and 'references/codebase-analysis-guide.md'.
- Boundary markers: No specific delimiters or safety instructions are defined to prevent the agent from following commands embedded within the analyzed data.
- Capability inventory: The skill utilizes shell commands like 'grep', 'find', and 'tree' to perform its analysis.
- Sanitization: The ingested data is processed directly without any validation or sanitization to filter out potential instructions.
- [DATA_EXFILTRATION]: The skill's telemetry tracks absolute file system paths, which could reveal sensitive information about the host environment.
- Evidence: The 'telemetry' section in 'SKILL.md' is configured to track 'project_root' and 'prd_location', both of which are absolute paths.
- [COMMAND_EXECUTION]: The skill relies on the execution of shell commands to perform deep analysis of the target codebase.
- Evidence: 'references/codebase-analysis-guide.md' and 'SKILL.md' provide specific instructions for using 'tree', 'grep', and 'find' to extract project structure and business logic.
Audit Metadata