prd-suite
Pass
Audited by Gen Agent Trust Hub on Apr 10, 2026
Risk Level: SAFE
Full Analysis
- [PROMPT_INJECTION]: The skill processes untrusted input from 'requirement_template.md' and external XMind files via MCP tools. Ingestion points: User-provided content in 'templates/requirement_template.md' and '.xmind' files. Boundary markers: The skill uses structured templates and explicit instructions to delimit data. Capability inventory: Local filesystem writing via 'scripts/utils.js'. Sanitization: Relies on a mandatory human-in-the-loop review process as defined in 'templates/review_process.md'.
- [SAFE]: File system access is limited to PRD management tasks and is governed by explicit user approval before any write operation.
- [SAFE]: No remote execution or unauthorized network activity was detected. All scripts use standard Node.js built-in modules.
Audit Metadata