prd-to-plan
Pass
Audited by Gen Agent Trust Hub on Mar 20, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill processes user-provided PRDs as input, which creates a surface for indirect prompt injection. \n
- Ingestion points: The skill reads PRD content from the conversation context or referenced files in Step 1. \n
- Boundary markers: The instructions do not define explicit delimiters or 'ignore instructions' warnings for the PRD content. \n
- Capability inventory: The skill performs read-only codebase exploration and local file creation within the './plans/' directory. \n
- Sanitization: No input sanitization or validation of the PRD text is performed. \n- [COMMAND_EXECUTION]: The skill directs the agent to perform file system operations, including creating a './plans/' directory and writing Markdown files (Step 6). These operations are standard for development and planning tools and are performed within a restricted local path.
Audit Metadata