docfactory-prd
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- COMMAND_EXECUTION (SAFE): The skill instructs the agent to run a local Python script (
scripts/validate_docfactory_prd.py) to validate the output. Analysis of this script shows it only performs basic string matching on the generated file using standard libraries (pathlib,sys). It does not perform network operations, file deletions, or any other high-risk actions. - PROMPT_INJECTION (LOW): The skill processes external data (e.g.,
00-project-brief.md,01-market-research.md) which presents a surface for indirect prompt injection. - Ingestion points: Reads project-specific markdown files (00-.md, 01-.md).
- Boundary markers: None identified in instructions.
- Capability inventory: Local file write (02-prd.md) and execution of a bundled validation script.
- Sanitization: No explicit sanitization mentioned.
- Assessment: While a surface exists, the risk is minimal as the output is static documentation and the validation script is non-dynamic.
- DATA_EXFILTRATION (SAFE): No network-capable commands or sensitive file paths (like credentials or SSH keys) were found. The skill operates entirely on local project documentation.
Audit Metadata