prd-creator
Pass
Audited by Gen Agent Trust Hub on Feb 27, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: Indirect prompt injection surface identified through the ingestion of untrusted external data.\n
- Ingestion points: The skill ingests data from user responses via the AskUserQuestion tool, wireframe analysis via the Read tool, and competitive research results via the WebSearch tool.\n
- Boundary markers: There are no instructions provided to the agent to use delimiters or boundary markers when inserting untrusted content into the PRD.md or JSON task files.\n
- Capability inventory: The skill is designed to write several files to the PROJECT_ROOT/.agent/ directory, including markdown summaries and detailed JSON task specifications.\n
- Sanitization: The skill does not implement or require sanitization or validation of the ingested data before it is persisted to the filesystem, creating a surface where malicious instructions could be embedded in the generated project documentation.
Audit Metadata