prd
Pass
Audited by Gen Agent Trust Hub on Mar 16, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill is a standard text-to-text transformation tool that creates markdown files and does not contain any executable logic or scripts.
- [PROMPT_INJECTION]: The instructions are focused on structured document generation and lack any attempts to override safety filters, extract system prompts, or bypass AI constraints. While the skill ingests untrusted user data (ideas, demos), the only capability is writing to a local markdown file, which does not present a path to privilege escalation. (Evidence: Ingestion points in SKILL.md; Boundary markers absent; Capability: writes prd/PRD.md; Sanitization absent).
- [DATA_EXFILTRATION]: No network requests, hardcoded credentials, or access patterns to sensitive files (such as SSH keys or environment variables) were detected.
- [COMMAND_EXECUTION]: The skill does not invoke any shell commands, subprocesses, or system-level operations.
- [REMOTE_CODE_EXECUTION]: No remote scripts are fetched or executed, and the skill does not define any external package dependencies or dynamic loading patterns.
Audit Metadata