srs-generation
Pass
Audited by Gen Agent Trust Hub on Mar 7, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill exhibits a surface for indirect prompt injection by ingesting and processing untrusted data from the local project environment.
- Ingestion points: The skill reads the project directory structure, README.md, and Product Requirements Documents (PRD) at docs/<feature-name>/prd.md to build requirements context.
- Boundary markers: The instructions do not define delimiters or specific 'ignore embedded instructions' warnings to prevent the agent from following instructions potentially contained within the analyzed files.
- Capability inventory: The skill is restricted to file system read operations and writing the generated SRS to the docs/ directory. It does not possess network access, subprocess execution, or shell access.
- Sanitization: There is no requirement for the agent to sanitize, escape, or validate the content of the input files before processing them for document generation.
Audit Metadata