prd-creator
Pass
Audited by Gen Agent Trust Hub on Feb 18, 2026
Risk Level: SAFE
Full Analysis
- Prompt Injection (SAFE): The skill contains templates and instructions for AI agents (personas and directives) designed to improve accuracy and adherence to constraints. No malicious bypass patterns or safety filter overrides were found.
- Unverifiable Dependencies & Remote Code Execution (SAFE): The script 'validate_prd.py' utilizes the 'PyYAML' library for structured data parsing, which is a common and trusted industry standard. It is used with safe loading methods.
- Indirect Prompt Injection (SAFE): While the skill processes user-supplied text files, it uses safe parsing methods and regex-based validation rather than directly executing or interpreting the content as instructions for the current session.
- Data Exposure & Exfiltration (SAFE): The scripts perform standard local file-system operations consistent with PRD management. No network activity, hardcoded credentials, or suspicious file access patterns were detected.