prd-to-plan
Pass
Audited by Gen Agent Trust Hub on Mar 2, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it processes untrusted content from PRDs and explores the local codebase without explicit boundary markers. An attacker could embed instructions within a PRD to influence the output or behavior of the agent.
- Ingestion points: Reads PRD content (provided via chat or file) and scans the local codebase.
- Boundary markers: The skill lacks explicit delimiters or instructions to ignore embedded commands within the processed PRD or code files.
- Capability inventory: The skill can read local source code and write new Markdown files to the
./plans/directory. - Sanitization: There is no evidence of sanitization or filtering of the input data before it is used to generate the plan file.
Audit Metadata