writing-prds
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE (tags: PROMPT_INJECTION, NO_CODE)
Full Analysis
- [Indirect Prompt Injection] (LOW): The skill ingests user product ideas and notes to generate "AI Prompt Sets" and "Eval Specs." This process of transforming untrusted data into instructions for other AI models creates a theoretical surface for indirect injection.
  - Ingestion points: Workflow Step 2 and `references/INTAKE.md` define how the agent collects user inputs.
  - Boundary markers: The skill uses Markdown templates in `references/TEMPLATES.md` to delimit generated content.
  - Capability inventory: The skill only generates Markdown files and lacks any native code execution or network capabilities.
  - Sanitization: The `references/CHECKLISTS.md` file explicitly requires the definition of "must-not-do" behaviors and safety constraints, providing a measure of security review.
- [Prompt Injection] (SAFE): There are no patterns of instructions attempting to bypass safety filters or override the agent's core identity.
- [Data Exposure & Exfiltration] (SAFE): No access to sensitive file paths or hardcoded credentials detected. The skill includes a checklist item to ensure no secrets are included in the PRDs.
- [Obfuscation] (SAFE): All content is human-readable Markdown with no hidden or encoded segments.
- [Unverifiable Dependencies & Remote Code Execution] (SAFE): No external code dependencies or remote scripts are used or referenced.
Audit Metadata