prd
Pass
Audited by Gen Agent Trust Hub on Mar 7, 2026
Risk Level: SAFEPROMPT_INJECTIONNO_CODE
Full Analysis
- [PROMPT_INJECTION]: The skill processes untrusted user input to generate markdown files on the filesystem, creating a surface for indirect prompt injection.
- Ingestion points: The feature description provided by the user in the initial step.
- Boundary markers: Absent; the skill does not utilize delimiters or specific instructions to isolate user input from the rest of the prompt logic.
- Capability inventory: File-write access to the
tasks/directory on the local filesystem. - Sanitization: Minimal; while the skill suggests a 'kebab-case' filename transformation, it does not define strict validation or filtering for the content of the user-provided description.
- [NO_CODE]: This skill is entirely instructional and does not include any Python or Node.js scripts, executables, or binary files.
Audit Metadata