create-prd
Pass
Audited by Gen Agent Trust Hub on Mar 17, 2026
Risk Level: SAFE, PROMPT_INJECTION
Full Analysis
- [SAFE]: The skill is designed for documentation purposes and does not exhibit any malicious behaviors such as credential exfiltration, remote code execution, or unauthorized network communication.
- [PROMPT_INJECTION]: The skill features an indirect prompt injection surface by accepting untrusted user input to generate document content and file paths.
  - Ingestion points: User-provided feature descriptions and answers to clarifying questions in SKILL.md.
  - Boundary markers: The instructions do not use specific delimiters to isolate user-provided text from the skill's logic.
  - Capability inventory: The skill has the capability to write Markdown files to the /tasks or /prd/ directories.
  - Sanitization: No validation or sanitization instructions are present to filter user input before it is used in file generation.
Audit Metadata