prd-to-issues
Pass
Audited by Gen Agent Trust Hub on Apr 2, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes GitHub CLI (gh) commands to interact with the repository. It uses 'gh issue view' to read PRD content and 'gh issue create' to generate new work items. These are standard operations within the intended scope of developer tools.- [PROMPT_INJECTION]: The skill is potentially vulnerable to indirect prompt injection as it ingests untrusted content from GitHub issues. An attacker could place malicious instructions in the PRD to manipulate the agent's output. However, the skill explicitly includes a human review step ('Quiz the user') and requires human approval of the plan before any write operations occur, which significantly reduces the risk. 1. Ingestion points: 'gh issue view' output (SKILL.md). 2. Boundary markers: Absent. 3. Capability inventory: 'gh issue create' (SKILL.md). 4. Sanitization: Not implemented; relies on manual verification.
Audit Metadata