prd-workflow
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
- Prompt Injection (LOW): The skill is susceptible to indirect prompt injection because it ingests and processes untrusted data from the local codebase to generate requirements and tasks.
  - Ingestion points: Codebase files and git history analyzed by research agents (e.g., prd-codebase-researcher, git-history-analyzer) in Phase 2.
  - Boundary markers: Absent; the instructions do not provide delimiters or clear isolation between instructions and analyzed code content.
  - Capability inventory: The skill executes shell commands (git, ls, dex) and spawns multiple sub-agents based on the analyzed data.
  - Sanitization: No explicit sanitization or filtering of external file content is described before the data is used in the workflow.
- Command Execution (SAFE): The skill uses local shell commands (git branch, ls, dex plan) to facilitate its workflow. These commands are typical for a development tool and do not involve privilege escalation or unauthorized access.
Audit Metadata