generate-prd
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- SAFE (SAFE): No security issues detected.
- Prompt Security: No prompt injection or instruction override patterns were found. Instructional language is used appropriately for guiding the agent's task.
- Data Security: The skill does not access sensitive system paths or hardcode credentials. It writes output to a standard project-relative path (
tasks/). - Execution Security: No remote code execution, package installation, or dynamic code evaluation patterns are present.
- Indirect Prompt Injection (LOW): The skill ingests untrusted user input to populate document templates. While this creates a surface for indirect prompt injection (e.g., if the generated PRD is later read by another agent), the capability is limited to writing markdown files, which is consistent with the skill's primary and safe purpose.
Audit Metadata