write-a-prd
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- [Indirect Prompt Injection] (LOW): The skill exposes a surface for indirect prompt injection attacks, where malicious instructions embedded in the repository or in user input could manipulate the final PRD output.
  - Ingestion points: The skill reads a "long, detailed description" from the user and "explores the repo" (SKILL.md).
  - Boundary markers: There are no delimiters or instructions to ignore embedded commands within the ingested data.
  - Capability inventory: The skill allows the agent to submit content as a GitHub issue, which is a write action.
  - Sanitization: There is no sanitization or escaping of the external content before it is interpolated into the PRD template and submitted to GitHub.
Audit Metadata