prd-writer
Pass
Audited by Gen Agent Trust Hub on Mar 14, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: No security issues were detected. The skill acts as a guided writer for generating markdown documentation.
- [PROMPT_INJECTION]: The instructions focus on structured data gathering and do not contain patterns aimed at bypassing AI safety filters or overriding system prompts.
- [DATA_EXFILTRATION]: The skill does not perform any network operations. It requests information from the user regarding project requirements but does not access sensitive system files or environment variables.
- [REMOTE_CODE_EXECUTION]: No external scripts or packages are downloaded or executed. The skill is entirely self-contained within the provided markdown files.
- [COMMAND_EXECUTION]: While the generated PRD template includes sections for build and test commands, the skill itself does not invoke a shell or execute any of these commands; it only documents them as text provided by the user.
- [INDIRECT_PROMPT_INJECTION]: The skill ingests user input to populate the PRD. While this creates a surface where a user could input instructions intended for a downstream agent reading the PRD, the skill itself has no execution capabilities that could be exploited.
Audit Metadata