create-prd
Pass
Audited by Gen Agent Trust Hub on Mar 6, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes a bash command
mv PRD.md PRD.backup-$(date +%Y%m%d-%H%M%S).mdto handle file versioning. While this is a common administrative task, it represents direct shell interaction. - [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface by design, as it must process external data to fulfill its purpose.
- Ingestion points: The skill reads user conversation history, feature requests, and external research files located in
.agents/research/. - Boundary markers: No explicit delimiters or instructions are used to distinguish untrusted content from system instructions during the PRD generation phase.
- Capability inventory: The agent has the ability to write files to the project root and execute shell commands for file management.
- Sanitization: There is no evidence of sanitization or validation performed on the user-provided context or the content of research files before they are incorporated into the document or used to drive logic.
Audit Metadata