prd-to-plan
Pass
Audited by Gen Agent Trust Hub on Apr 24, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill processes untrusted external data (PRDs provided by the user or found in the codebase) which creates a surface for indirect prompt injection. A malicious PRD could attempt to influence the agent's planning output or behavior.
- Ingestion points: PRD content provided via user input or read from local files in Step 1.
- Boundary markers: Absent. No specific delimiters or instructions are used to treat the PRD content as data rather than instructions.
- Capability inventory: Codebase exploration (file read) and file creation/writing in the
./plans/directory. - Sanitization: Absent. The skill does not perform validation or sanitization on the content of the PRD.
Audit Metadata