create-prd
Pass
Audited by Gen Agent Trust Hub on Feb 23, 2026
Risk Level: SAFE, PROMPT_INJECTION
Full Analysis
- [SAFE]: The skill contains no code, binaries, or automated scripts. Its functionality is restricted to providing the AI agent with structured templates and elicitation techniques for document generation.
- [PROMPT_INJECTION]: The skill processes untrusted user input (e.g., product_vision, problem_statement) and interpolates it into the generated PRD, creating a surface for indirect prompt injection (Category 8).
  1. Ingestion points: SKILL.md (inputs).
  2. Boundary markers: Absent.
  3. Capability inventory: Workspace file system writing.
  4. Sanitization: Absent.

  This is documented as a vulnerability surface rather than a malicious pattern.
- [PROMPT_INJECTION]: The product_name input is used to construct the output file path (e.g., workspace/prds/{product-name}-prd.md). Without sanitization, this could allow for path traversal attempts, although the risk is managed by the agent's internal file handling constraints.
- [SAFE]: Telemetry data emitted (product_name, prd_location, etc.) is consistent with the skill's purpose for project management and does not involve the exfiltration of sensitive system data or user credentials.
Audit Metadata