prd-workflow

Pass

Audited by Gen Agent Trust Hub on Mar 10, 2026

Risk Level: SAFE | PROMPT_INJECTION | COMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The skill ingests untrusted data from JIRA issue descriptions and Confluence pages as part of the PRD generation process in workflow-automated-gathering.md. This presents an indirect prompt injection surface. Ingestion points: JIRA issue text and Confluence page content. Boundary markers: Absent. Capability inventory: Local file writing and Confluence page creation. Sanitization: Absent.
  • [COMMAND_EXECUTION]: The skill includes and executes a local shell script scripts/collect_prd_info.sh to facilitate user input via macOS system dialogs.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 10, 2026, 12:12 AM