Skills
skills/sadiksaifi/skills/prd-breakdown/Gen Agent Trust Hub

prd-breakdown

Pass

Audited by Gen Agent Trust Hub on Mar 19, 2026

Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
  • [PROMPT_INJECTION]: The skill ingests untrusted Product Requirements Document (PRD) content from GitHub issues or user prompts to generate tasks. 1. Ingestion points: Phase 1 GitHub issue fetching via 'gh issue view' and direct user prompts. 2. Boundary markers: No explicit delimiters or warnings are specified to isolate PRD content from instructions. 3. Capability inventory: The skill can create GitHub issues and execute bash commands. 4. Sanitization: No explicit content filtering or validation is mentioned.
  • [COMMAND_EXECUTION]: The skill uses bash to run GitHub CLI commands ('gh issue view', 'gh issue create') using user-provided issue numbers and titles. This presents a surface for potential command injection if the agent does not independently sanitize these inputs.
  • [EXTERNAL_DOWNLOADS]: The skill utilizes 'WebSearch' and 'WebFetch' for technical research during the codebase exploration phase.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 19, 2026, 07:54 PM