prp-generation
Pass
Audited by Gen Agent Trust Hub on Feb 28, 2026
Risk Level: SAFE, NO_CODE
Full Analysis
- [SAFE]: No security issues were detected. The skill is limited to natural language instructions for generating documentation based on user input.
- [NO_CODE]: This skill does not ship with any scripts, binaries, or executable code.
- [INDIRECT_PROMPT_INJECTION]: The skill processes user-provided feature descriptions, which are then saved to a file, establishing a surface for indirect prompt injection.
  - Ingestion points: User-provided feature descriptions are gathered in Step 1 and Step 2 of the process defined in SKILL.md.
  - Boundary markers: No specific markers or instructions to ignore embedded commands are present in the interpolation logic.
  - Capability inventory: The skill specifies writing content to the filesystem at .ai/[feature-name]/prp.md.
  - Sanitization: No sanitization or validation of user-provided content is performed prior to document generation.
Audit Metadata