prd
Pass
Audited by Gen Agent Trust Hub on Apr 19, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [SAFE]: The skill consists of instructions and templates for markdown-based planning. It does not invoke external scripts, install packages, or perform unauthorized system modifications. Its primary behavior is restricted to writing documentation files within the 'tasks/' directory.
- [PROMPT_INJECTION]: The skill's 'Discovery Policy' requires the agent to ingest data from external web documentation and internal project files to inform the planning process. This constitutes a surface for indirect prompt injection where malicious instructions embedded in those sources could potentially influence the resulting PRD.
- Ingestion points: Reads local source code, configuration files, READMEs, and external web documentation as specified in the 'Discovery Policy' section of SKILL.md.
- Boundary markers: The instructions do not specify the use of delimiters or 'ignore' commands for the content gathered during the discovery phase.
- Capability inventory: The skill is designed to write markdown files to the 'tasks/' directory to record plans and checklists.
- Sanitization: There are no explicit instructions for the agent to sanitize or validate the content ingested from the discovery phase before incorporating it into the generated files.
Audit Metadata