to-prd
Pass
Audited by Gen Agent Trust Hub on May 1, 2026
Risk Level: SAFE
Full Analysis
- [INDIRECT_PROMPT_INJECTION]: The skill identifies an indirect prompt injection surface because it processes untrusted data from the conversation history and repository files to generate a PRD that is then published via the `gh` tool.
  - Ingestion points: Ingests the current conversation context, repository codebase structure, AGENTS.md, and issue templates.
  - Boundary markers: No delimiters or instructions are used to separate user-provided content from the skill's logic.
  - Capability inventory: Employs the GitHub CLI (`gh`) to publish issues to the project's tracker.
  - Sanitization: The skill does not specify any sanitization, escaping, or validation of the processed data before it is sent to the issue tracker.
- [COMMAND_EXECUTION]: The skill relies on the `gh` command-line utility to interact with the repository's issue tracker. This usage is aligned with the skill's stated purpose and uses official project tooling.
Audit Metadata