prd
Pass
Audited by Gen Agent Trust Hub on Mar 12, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [SAFE]: The skill provides a structured workflow for generating Product Requirements Documents. It includes instructional guardrails that prevent the agent from proceeding to implementation tasks without further authorization.\n- [PROMPT_INJECTION]: The skill has a surface for indirect prompt injection as it processes untrusted user input to populate generated documents. \n
- Ingestion points: User-provided feature descriptions and answers to clarifying questions are interpolated into the document template.\n
- Boundary markers: The skill does not use explicit delimiters or safety warnings when incorporating user-provided text into the final Markdown output.\n
- Capability inventory: The skill is capable of writing files to the local 'tasks/' directory based on user-driven naming conventions.\n
- Sanitization: No input validation or sanitization is performed on the user's feature description before it is written to the file system. This is a common architectural pattern for documentation tools and poses low risk within the intended use-case.
Audit Metadata