prd-writing
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- [SAFE] (SAFE): The skill's primary function is text processing and document generation based on local markdown files.
- [DATA_EXPOSURE] (SAFE): It only accesses files within the designated .steering/ideas/ directory and writes to docs/product-requirements.md. There is no evidence of unauthorized file access or data exfiltration.
- [COMMAND_EXECUTION] (SAFE): The skill contains no scripts or instructions to execute system commands or shell scripts.
- [REMOTE_CODE_EXECUTION] (SAFE): No external dependencies, package installations, or remote script downloads are present.
- [INDIRECT_PROMPT_INJECTION] (LOW): While the skill processes untrusted user-generated content from .steering/ideas/, the output is a static document and the skill requires explicit user approval before finalization, mitigating the risk of automated malicious actions.
Audit Metadata