prd-engineer
Pass
Audited by Gen Agent Trust Hub on Mar 25, 2026
Risk Level: SAFECOMMAND_EXECUTION
Full Analysis
- [COMMAND_EXECUTION]: The skill uses 'rg' (ripgrep) and 'cat' to explore the local codebase during the research phase. These operations are limited to reading code for context and do not involve system modification or dangerous parameters.\n- [DATA_EXPOSURE]: Codebase exploration is localized to relevant files determined by keywords. The skill reads existing code to understand current implementation logic, which is necessary for its primary purpose of writing accurate PRDs. No credentials or sensitive environment files are targeted.\n- [PROMPT_INJECTION]: The skill has an indirect prompt injection surface because it processes untrusted data from the codebase and user input. However, the risk is negligible due to the lack of high-privilege capabilities and the requirement for iterative user approval of generated content.\n
- Ingestion points: Phase 1.1 (User input) and Phase 1.2 (Codebase exploration via 'rg' and 'cat' in SKILL.md).\n
- Boundary markers: None identified between raw data and instructions.\n
- Capability inventory: Shell command execution ('rg', 'cat') and markdown document generation.\n
- Sanitization: No specific sanitization of ingested code content is implemented before it is processed by the model.
Audit Metadata