prd
Pass
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: LOWPROMPT_INJECTION
Full Analysis
- Indirect Prompt Injection (LOW): The skill's workflow involves exploring the codebase to understand patterns and constraints. This creates a surface where an attacker who can commit code or documentation to the repository could include hidden instructions to bias or manipulate the generated PRD.
- Ingestion points: User feature requests and files within the project codebase (SKILL.md, Workflow step 3).
- Boundary markers: Absent; the skill does not instruct the agent to ignore instructions embedded in the codebase.
- Capability inventory: File system read access for codebase exploration and file system write access for generating markdown files (SKILL.md, Step 4).
- Sanitization: None; the agent is not instructed to filter or sanitize the content it reads from the codebase before including it in the PRD.
Audit Metadata