create-prd
Pass
Audited by Gen Agent Trust Hub on Feb 26, 2026
Risk Level: SAFE
PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface through its data ingestion process in Step 2.
- Ingestion points: Step 2 (Path B) allows the agent to read "prepared material" including external documents and notes provided by the user.
- Boundary markers: There are no explicit instructions to use delimiters or ignore embedded instructions within the ingested content.
- Capability inventory: The skill can write files to the local prds/ directory and execute shell commands using the GitHub CLI (gh issue create).
- Sanitization: No sanitization or validation of the external content is performed before it is used to generate the PRD or executed in a shell command.
- [COMMAND_EXECUTION]: The skill utilizes the GitHub CLI to create issues, specifically using the pattern gh issue create --title "PRD: [Feature Name]" --body "$PRD_CONTENT". The use of variable interpolation for the $PRD_CONTENT variable, which is populated from potentially untrusted external inputs, presents a risk of command injection if the content contains shell metacharacters.
Audit Metadata