prd-writing
Warn
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: MEDIUMPROMPT_INJECTIONNO_CODE
Full Analysis
- Indirect Prompt Injection (MEDIUM): The skill reads untrusted markdown files from .steering/ideas/ and incorporates their content into a generated PRD. This creates an attack surface where instructions embedded in the input files could hijack the agent's behavior during generation.
- Ingestion points: All markdown files within the .steering/ideas/ directory.
- Boundary markers: Absent. The skill does not define clear delimiters or instructions for the agent to treat input files as data only.
- Capability inventory: The skill possesses file-read access to local directories and file-write access to create docs/product-requirements.md.
- Sanitization: Absent. There is no evidence of validation or escaping logic for the ingested content before it is processed by the agent.
Audit Metadata