write-a-prd
Pass
Audited by Gen Agent Trust Hub on Apr 15, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it reads untrusted data from the codebase and incorporates it into a workflow that includes file system operations.\n
- Ingestion points: The skill explores the repository in Step 2 to verify assertions and understand the current implementation state.\n
- Boundary markers: The instructions lack explicit delimiters or warnings to ignore malicious instructions that might be embedded in the codebase (e.g., within code comments or documentation).\n
- Capability inventory: The skill has the capability to write the generated PRD to a user-specified file path in Step 5.\n
- Sanitization: There is no evidence of sanitization, filtering, or validation of the data retrieved from the codebase before it is used to inform the PRD content.
Audit Metadata