prd-to-todos

Pass

Audited by Gen Agent Trust Hub on Mar 23, 2026

Risk Level: SAFE, PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The skill processes untrusted content from external sources (URLs and GitHub issues), which presents an indirect prompt injection risk.
      • Ingestion points: External content fetched via webfetch or bash (GitHub CLI) in SKILL.md.
      • Boundary markers: No explicit delimiters or warnings are used to isolate ingested PRD text from the agent's instructions.
      • Capability inventory: The skill has access to bash, webfetch, read, and todo tools, which could be targeted by instructions hidden in a malicious PRD.
      • Sanitization: There is no evidence of sanitization or validation of the fetched PRD content before it is parsed and used to generate tasks.
  • [COMMAND_EXECUTION]: The skill uses the bash tool to interact with the GitHub CLI (gh issue view). This is used specifically to fetch issue content to facilitate the PRD breakdown process.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Mar 23, 2026, 11:42 AM