tui-prd-to-descriptions
Pass
Audited by Gen Agent Trust Hub on Apr 6, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: Text Transformation Logic. The skill acts as a text-to-text transformer, converting PRD text into ASCII layouts and prompt specifications. It does not contain any executable code or logic that interacts with the host system.\n- [SAFE]: No Capability Exposure. The skill explicitly limits its scope to generating descriptive text and specifically disclaims the ability to call external MCP tools (Stitch or Pencil), minimizing the risk of unauthorized tool usage.\n- [SAFE]: Informational References. External links point to documentation on GitHub for standard workflow integration. No dynamic downloads or remote script executions are performed.\n- [SAFE]: Indirect Prompt Injection Surface. While the skill processes untrusted user input (PRDs), it produces static text blocks (TUI_RENDER, STITCH_PROMPT) intended for manual or agent-reviewed use in other systems. The lack of tool-calling capabilities within this skill prevents exploitation of the ingestion surface.
Audit Metadata