prd-writer

Pass

Audited by Gen Agent Trust Hub on Mar 8, 2026

Risk Level: SAFE
Full Analysis
  • [DATA_EXPOSURE]: The skill includes a 'Context Collection' phase where it scans for project documentation (PRDs, HLDs, API specs) and configuration files (package.json, pyproject.toml). To mitigate risk, it explicitly excludes sensitive directories such as .git, node_modules, and virtual environments from its search patterns.
  • [INDIRECT_PROMPT_INJECTION]: The skill is designed to ingest and process external project files, which could theoretically contain malicious instructions. However, it implements a mandatory human-in-the-loop step (Step 0.2: User confirmation of reference documents) and emphasizes 'evidence-based' writing over speculation, which reduces the chance that the agent accidentally obeys injected instructions.
  • [EXTERNAL_DOWNLOADS]: The skill utilizes a WebSearch tool to conduct industry research on best practices. This is an intended feature for providing competitive analysis in PRDs and is conducted via a standard search tool.
  • [PROMPT_INJECTION]: The instructions contain strict operational guidelines (e.g., 'Core Principles', 'Mandatory Review') designed to keep the agent focused on PRD writing and prevent it from veering into technical design (HLD). These are internal quality controls and do not attempt to bypass the underlying model's safety filters.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 8, 2026, 09:59 PM