write-a-prd
Pass
Audited by Gen Agent Trust Hub on Feb 23, 2026
Risk Level: SAFENO_CODEPROMPT_INJECTION
Full Analysis
- [NO_CODE] (SAFE): The skill consists entirely of natural language instructions within a markdown file. It does not include any executable scripts (.sh, .py, .js), binaries, or configuration files that execute commands.
- [PROMPT_INJECTION] (LOW): The skill is susceptible to Indirect Prompt Injection because it processes untrusted data to perform an action.
- Ingestion points: User descriptions provided in Step 1 and codebase contents explored in Step 2.
- Boundary markers: Absent. There are no delimiters or specific instructions to the agent to disregard instructions found within the repository files.
- Capability inventory: The skill can submit content to GitHub issues (Step 5) based on the analyzed data.
- Sanitization: Absent. The skill does not define any filtering or validation for the repository data before it is used to generate the PRD.
- [DATA_EXPOSURE] (SAFE): While the skill accesses the local repository to 'verify assertions and understand the current state', this is the primary intended purpose of the skill. There are no patterns indicating unauthorized exfiltration of sensitive files like credentials or SSH keys.
Audit Metadata