prd-to-plan
Pass
Audited by Gen Agent Trust Hub on Apr 16, 2026
Risk Level: SAFE
Full Analysis
- [INDIRECT_PROMPT_INJECTION]: The skill is designed to process untrusted data in the form of Product Requirement Documents (PRDs) provided by users or found in the codebase. While it lacks explicit boundary markers to delimit these inputs, the primary capability is generating Markdown documentation rather than executing scripts, which significantly limits the impact of potential injection attacks. Findings include:
- Ingestion points: User-pasted PRDs or existing PRD files in the repository.
- Boundary markers: None specified for the PRD content.
- Capability inventory: File system read (codebase exploration) and file system write (creating plans in
./docs/plans/). - Sanitization: No specific sanitization or filtering of PRD content is described.
- [DATA_EXPOSURE]: The process involves exploring the local codebase to understand architecture and integration layers. This is a standard operation for development-focused agents and no instructions for accessing sensitive directories (such as
.ssh,.aws, or.env) were found.
Audit Metadata