write-a-prd
Pass
Audited by Gen Agent Trust Hub on Mar 13, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it incorporates untrusted data from user interviews and repository exploration into its decision-making and output generation processes.
- Ingestion points: Untrusted data enters the agent context through user-provided descriptions (Step 1), repository exploration (Step 2), and user interviews (Step 4).
- Boundary markers: The skill lacks explicit delimiters or specific instructions to separate the developer's instructions from the untrusted content being analyzed.
- Capability inventory: The skill has capabilities to read repository files and perform network-write operations via GitHub issue submission.
- Sanitization: No instructions or validation steps are provided to sanitize or filter potential malicious instructions embedded within the user input or explored files.
Audit Metadata