build-prd

Pass

Audited by Gen Agent Trust Hub on Apr 14, 2026

Risk Level: SAFE
COMMAND_EXECUTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill utilizes the GitHub CLI (gh) to read issues, manage labels, and update issue content. It also uses standard shell utilities like cat and grep for local file inspection. These commands are necessary for the skill's functionality and are executed within the user's authenticated environment.
  • [INDIRECT_PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection as it ingests untrusted data from GitHub issues.
      • Ingestion points: External content is retrieved via gh issue view in Step 1.
      • Boundary markers: No explicit delimiters are specified in the prompts to separate issue content from agent instructions.
      • Capability inventory: The skill has the ability to write to GitHub issues (gh issue edit) and comment (gh issue comment) in Steps 6 and 7.
      • Sanitization: Input data is not automatically sanitized; however, the workflow includes a manual security checkpoint ('Step 5: Review with user') requiring explicit user approval before any write actions are taken, which effectively mitigates the risk of automated exploitation.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 14, 2026, 09:36 PM