prd-creator
Pass
Audited by Gen Agent Trust Hub on Mar 16, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill exhibits a surface for indirect prompt injection by reading project files to understand domain context without using explicit boundary markers or sanitization.\n
- Ingestion points: Project metadata files (package.json, go.mod, pyproject.toml, Cargo.toml), documentation (README.md), and existing PRDs (docs/prd/) are read in Phase 0 (SKILL.md).\n
- Boundary markers: The skill instructions do not specify the use of delimiters or 'ignore' instructions for the data read from these files.\n
- Capability inventory: The skill has permission to read files (Phase 0) and write new Markdown files to the docs/prd/ directory (Phase 4). It has no network or shell execution capabilities.\n
- Sanitization: No evidence of sanitization or content validation for the read files is present.
Audit Metadata