write-a-prd
Pass
Audited by Gen Agent Trust Hub on Mar 24, 2026
Risk Level: SAFE
Full Analysis
- [PROMPT_INJECTION]: The skill contains no instructions to bypass safety filters, ignore previous rules, or adopt malicious personas. All instructions are task-oriented and professional.
- [DATA_EXFILTRATION]: While the skill reads repository content and writes to GitHub issues, these actions are the intended primary functions of the tool. There are no hardcoded credentials, sensitive file path accesses (like .ssh or .env), or unauthorized network requests to external domains.
- [REMOTE_CODE_EXECUTION]: No patterns for downloading and executing remote scripts, package installations, or dynamic code evaluation (eval/exec) were found.
- [SAFE]: The skill implements a robust security control by requiring the user to review and explicitly approve the draft PRD in step 6 before step 7 (GitHub issue submission) is executed. This prevents any potentially malicious or incorrect content derived from repo exploration from being automatically published.