prd-to-ralph
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
NO_CODE
Full Analysis
- NO_CODE (SAFE): The skill consists entirely of instructional markdown and a static JSON schema. It contains no scripts, binaries, or executable logic.
- EXTERNAL_DOWNLOADS (SAFE): No external dependencies or remote scripts are referenced or executed; the only URL present is a standard JSON schema reference.
- PROMPT_INJECTION (SAFE): While the instructions use terms like 'CRITICAL' and 'MANDATORY', these refer to the logical ordering of data fields (e.g., prioritizing database schema over UI) and do not attempt to override the model's safety guidelines or extract internal prompts.
- Indirect Prompt Injection (SAFE): The skill transforms untrusted requirement text into JSON.
  1. Ingestion points: User-provided PRD or requirement prose.
  2. Boundary markers: Absent.
  3. Capability inventory: None (this skill performs text-to-JSON transformation only).
  4. Sanitization: Absent; the skill maps input text directly to structured fields without filtering.
Audit Metadata