prd
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [Indirect Prompt Injection] (LOW): The skill processes untrusted user input (feature descriptions) and incorporates it into a structured markdown file saved in the tasks/ directory.
- Ingestion points: User-provided feature description and answers to clarifying questions are used to populate the PRD sections.
- Boundary markers: Absent. The instructions do not define clear delimiters for user input nor do they instruct the agent to ignore potential instructions embedded within the user's feature description.
- Capability inventory: File system write operations to the tasks/ directory.
- Sanitization: None. The skill does not describe any sanitization or validation of the user's input before interpolation into the generated document.
- Risk: A malicious user could inject instructions into the feature description that get saved into the PRD. Since the skill explicitly targets 'AI agents' as readers of the generated PRD, a downstream agent reading the file might execute malicious instructions embedded in User Stories or Functional Requirements.
Audit Metadata