prd-to-issues
Pass
Audited by Gen Agent Trust Hub on Mar 2, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection due to its core functionality of reading external data.
  - Ingestion points: The skill ingests untrusted data from GitHub issue descriptions and comments using the `gh issue view` command.
  - Boundary markers: There are no explicit delimiters or instructions provided to the agent to ignore or isolate potential instructions embedded within the fetched PRD content.
  - Capability inventory: The skill provides the agent with write access to the GitHub repository via the `gh issue create` command.
  - Sanitization: No evidence of sanitization, filtering, or validation is present to prevent the execution of malicious instructions contained within the retrieved PRD.
  - Mitigation: The process includes a human review step ('Quiz the user') which requires explicit approval of the drafted issues before any write operations occur, significantly lowering the risk of automated exploitation.
Audit Metadata