create-prd
Pass
Audited by Gen Agent Trust Hub on Mar 30, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill performs legitimate document generation tasks using restricted tools (
Read,Write,AskUserQuestion). No network or remote execution capabilities are requested. - [COMMAND_EXECUTION]: The skill uses the
Writetool to save generated PRDs to the local file system. This is consistent with its stated purpose of creating documents and uses a predictable naming convention (PRD-[product]-[date].md). - [PROMPT_INJECTION]: The skill has an indirect prompt injection surface as it ingests user input to populate PRD templates. However, the risk is minimal as the skill lacks high-privilege capabilities like network access or shell execution, and the behavior is intrinsic to its primary function as a documentation generator.
Audit Metadata