product-prd
Pass
Audited by Gen Agent Trust Hub on Feb 24, 2026
Risk Level: SAFEPROMPT_INJECTIONNO_CODE
Full Analysis
- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface by ingesting data from existing project documents and user arguments.
- Ingestion points: Content is retrieved from the 'docs/brainstorms/' directory and the '$ARGUMENTS' variable.
- Boundary markers: There are no delimiters or instructions to the agent to treat ingested content as data rather than potential instructions.
- Capability inventory: The agent uses 'Read', 'Glob', 'Grep', and 'Write' to manage files and 'AskUserQuestion' to interact with the user.
- Sanitization: Input from brainstorm files is not sanitized or validated before being used to populate the PRD template.
Audit Metadata