prd-to-issues
Pass
Audited by Gen Agent Trust Hub on Feb 25, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill relies on the
ghCLI andgitto perform its core functions. It executesgh issue viewto retrieve external PRD content andgh issue createto generate new issues in the repository. These commands are used for their intended purposes within the skill's scope. - [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it reads and processes user-provided PRDs from GitHub issues. Ingestion points: Data is ingested via the
gh issue viewcommand as specified in Step 1 of SKILL.md. Boundary markers: The skill does not define specific delimiters or instructions to isolate the retrieved PRD content from the agent's primary instructions. Capability inventory: The skill can read local codebase files and create new issues on GitHub via the CLI. Sanitization: There is no programmatic sanitization of the PRD content, but the skill includes a mandatory 'Quiz the user' step (Step 4) where all proposed issues must be reviewed and approved by the user before they are created.
Audit Metadata