blueprint-derive-prd
Pass
Audited by Gen Agent Trust Hub on Apr 21, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: No malicious patterns or security risks were identified. The skill performs intended documentation synthesis and project management actions using authorized tools.
- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface by ingesting and processing untrusted content from local repository files (e.g., README.md) to generate PRDs and GitHub issues. 1. Ingestion points: Documentation files such as README.md, package manifests, and architecture docs. 2. Boundary markers: No explicit delimiters or instructions are used to separate untrusted document content in the PRD templates. 3. Capability inventory: The skill has file system write access, Bash command execution, and network write capability via the GitHub CLI. 4. Sanitization: Extracted documentation content is used without escaping or validation.
Audit Metadata