prd-writer
Pass
Audited by Gen Agent Trust Hub on Apr 1, 2026
Risk Level: SAFEPROMPT_INJECTIONNO_CODE
Full Analysis
- [PROMPT_INJECTION]: The skill's primary function is to ingest and summarize external, untrusted data (such as meeting notes, VOCs, and API contracts), which introduces a vulnerability to indirect prompt injection. 1. Ingestion points: External data enters the agent's context through user-provided meeting notes, policies, and API documentation as described in SKILL.md. 2. Boundary markers: Absent; the skill does not utilize specific delimiters or instructions to the agent to disregard embedded commands within the ingested content. 3. Capability inventory: The skill is restricted to generating Markdown text output; no subprocess execution, network operations, or file system modifications are enabled in the provided files. 4. Sanitization: Absent; there are no instructions provided to filter or validate input data for malicious instructions.
- [NO_CODE]: The skill consists entirely of natural language instructions and Markdown templates (SKILL.md and supporting reference files) and does not include any executable scripts, binaries, or platform configurations that allow for code execution.
Audit Metadata