prd-orchestrator

Pass

Audited by Gen Agent Trust Hub on Feb 21, 2026

Risk Level: SAFE
COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION] (LOW): The skill performs file system operations including moving files (mv) and creating project directory structures based on provided PRD paths. While intended for orchestration, this behavior could be exploited if paths are not properly validated within the agent's runtime environment.
  • [PROMPT_INJECTION] (LOW): The skill is susceptible to indirect prompt injection (Category 8). It ingests untrusted data from external PRD files and uses that content to generate implementation plans (mini-PRDs) and acceptance criteria.
      • Ingestion points: PRD file paths (e.g., docs/prds/reddit-bot.md).
      • Boundary markers: Absent; there are no instructions to the agent to ignore or delimit instructions found within the PRD content.
      • Capability inventory: File system modification (moving files) and file writing (generating meta.yaml and markdown files).
      • Sanitization: None specified; the agent is expected to 'analyze' and 'split' the content directly.
Audit Metadata
Risk Level: SAFE
Analyzed: Feb 21, 2026, 08:21 AM