Skills
skills/vfarcic/dot-ai/dot-ai-prd-create/Gen Agent Trust Hub

dot-ai-prd-create

Pass

Audited by Gen Agent Trust Hub on Feb 21, 2026

Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • Command Execution (LOW): The skill generates shell commands for git and gh (GitHub CLI) by interpolating user-provided variables such as [feature-name] and [issue-id]. Although this is the primary purpose of the skill and intended for documentation workflows, it relies on the underlying agent's ability to sanitize these strings to prevent command injection.
  • Prompt Injection (LOW): The skill has an indirect prompt injection surface.
  • Ingestion points: User-provided feature descriptions and names (Step 1).
  • Boundary markers: None provided in the instructions to delimit user input.
  • Capability inventory: The skill executes git add, git commit, and git push commands, and interacts with the GitHub CLI.
  • Sanitization: There are no explicit instructions for the agent to sanitize or escape user-provided content before interpolation into shell commands or PRD files.
Audit Metadata
Risk Level
SAFE
Analyzed
Feb 21, 2026, 02:19 PM