prd-to-plan
Pass
Audited by Gen Agent Trust Hub on Mar 26, 2026
Risk Level: SAFE
Full Analysis
- [DATA_EXPOSURE_AND_EXFILTRATION]: The skill reads from the local codebase and writes implementation plans to the
./plans/directory. These actions are transparently described and aligned with the skill's primary purpose of project planning. No network exfiltration, hardcoded credentials, or access to sensitive system paths (like .ssh or .aws) was detected. - [INDIRECT_PROMPT_INJECTION]: The skill processes user-provided Product Requirement Documents (PRDs) as its primary input. While this poses a theoretical surface for indirect prompt injection where malicious instructions could be embedded in a PRD, the skill's capabilities are limited to generating markdown documentation and do not include high-risk operations like arbitrary code execution.
- Ingestion points: Processes PRD content from the conversation context or local files (SKILL.md).
- Boundary markers: No explicit delimiters or instructions to ignore embedded commands are present in the processing logic.
- Capability inventory: Includes file system writes limited to the
./plans/directory (SKILL.md). - Sanitization: No specific sanitization or validation of the PRD content is performed before interpolation into the plan template.
Audit Metadata