prd-workflow
Pass
Audited by Gen Agent Trust Hub on Feb 24, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill is subject to indirect prompt injection risks because it incorporates data from external sources into its prompts. * Ingestion points: Data is pulled from JIRA issue descriptions and Confluence pages using MCP tools. * Boundary markers: Absent. The skill does not define clear delimiters to separate external data from its internal instructions. * Capability inventory: The agent has permissions to write files to the local project directory and create pages on Confluence via MCP. * Sanitization: Absent. There is no evidence of filtering or validation for content fetched from external platforms.
- [COMMAND_EXECUTION]: The skill includes and utilizes a local bash script (
scripts/collect_prd_info.sh) to facilitate user input collection. It uses the macOSosascriptcommand to display GUI dialog boxes for entering JIRA information.
Audit Metadata