PRD Creator
Pass
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: LOW
Full Analysis
- [Prompt Injection] (SAFE): No attempts to override system instructions, bypass safety filters, or extract system prompts were detected. The instructions are strictly focused on document structure.- [Data Exposure & Exfiltration] (SAFE): The skill does not access sensitive local files, environment variables, or hardcoded credentials. It does not perform network operations to external domains.- [Remote Code Execution] (SAFE): No external script downloads, package installations, or remote execution patterns (e.g., curl | bash) are present in the skill definition.- [Indirect Prompt Injection] (LOW): The skill ingests untrusted user input (the 'idea') to generate the PRD. While it lacks explicit boundary markers for this input, the capability is limited to writing documentation to the 'docs/' directory, which does not present a high-risk execution surface.- [Command Execution] (SAFE): The skill does not invoke system shells, subprocesses, or runtime compilers. Its operations are restricted to text transformation and file writing.
Audit Metadata