prd-to-json
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- Indirect Prompt Injection (LOW): The skill ingests untrusted data from markdown files, which could contain instructions intended to override the agent's behavior during parsing or validation.
  - Ingestion points: Processes content from `.prd/prd-*.md` files.
  - Boundary markers: Absent; the workflow does not include instructions to the agent to ignore or delimit embedded commands within the input files.
  - Capability inventory: Accesses the file system to read markdown and write JSON to the `.prd/` directory. No network or subprocess capabilities are present.
  - Sanitization: Absent; the skill extracts and interpolates text directly into a JSON structure without validation of the input strings.
Audit Metadata