prd-planner
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
COMMAND_EXECUTION
Full Analysis
- [COMMAND_EXECUTION] (SAFE): The skill utilizes standard `grep` commands to perform read-only scans of the local `src/` directory for design patterns such as error handling and pagination. This is a primary function of the skill and is restricted to the workspace.
- [DATA_EXPOSURE] (SAFE): The skill processes local project files and generates documentation in a `docs/` folder. It does not attempt to access sensitive system paths (e.g., SSH keys, AWS credentials) or exfiltrate data over the network.
- [PROMPT_INJECTION] (SAFE): The skill has a data ingestion surface (Category 8) as it reads local source code to generate PRDs.
  - [Ingestion points]: Code files in the `src/` directory via `grep`.
  - [Boundary markers]: None explicitly defined in the provided logic.
  - [Capability inventory]: Local command execution (`grep`) and local file-writing.
  - [Sanitization]: Not explicitly implemented for the code snippets read by the tool. Given the context of scanning the user's own project, this is considered a safe surface area.
Audit Metadata