SafeAI-Global PRD Agent

The skill’s core purpose is coherent and mostly benign: it reads local compliance knowledge and drafts PRDs. Risk is medium because it also encourages transitive skill installation, remote raw-URL prompt adoption, and persistent user-injected policy files that take highest precedence. These are instruction-integrity risks rather than clear malware or credential theft.