The Agent Skills Directory

[SAFE]: The skill uses a file scanning mechanism to identify relevant project documentation (PRDs, HLDs, API specs). It correctly implements security exclusions for sensitive and dependency directories, including .git, node_modules, dist, and virtual environment folders, minimizing the risk of accidental exposure or processing of non-target data.
[SAFE]: The WebSearch functionality is used for legitimate industry research and benchmarking. The skill instructions focus on searching for best practices (e.g., payment system design, authentication flows) to improve the quality of generated PRDs.
[SAFE]: The skill processes external data from project files and web results. While this constitutes an indirect prompt injection surface, the risk is negligible as the skill lacks high-risk execution capabilities (such as shell access or dynamic code evaluation) and focuses purely on text generation and document drafting.
[SAFE]: The implementation of traceability metadata and mandatory review phases ensures that the generated output remains aligned with user expectations and project standards, providing high transparency into the data sources used.

prd-writer