Skills
skills/michaelmerrill/skills/write-a-prd/Gen Agent Trust Hub

write-a-prd

Pass

Audited by Gen Agent Trust Hub on Mar 24, 2026

Risk Level: SAFEPROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it automatically reads and processes content from the local filesystem to ground its behavior.
  • Ingestion points: The agent reads scope documents from the ./plans/ directory and analyzes codebase files as specified in SKILL.md.
  • Boundary markers: There are no explicit instructions or delimiters defined in SKILL.md to prevent the agent from following instructions embedded within the files it reads.
  • Capability inventory: According to SKILL.md, the skill can call the AskUserQuestion tool and perform file write operations to create PRDs in the ./plans/ directory.
  • Sanitization: The skill does not specify any sanitization, validation, or filtering of the content retrieved from external files before processing it.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 24, 2026, 02:40 PM