dot-ai-prd-start
Pass
Audited by Gen Agent Trust Hub on Feb 21, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
- COMMAND_EXECUTION (LOW): The skill requires the agent to run Git commands (
git branch,git checkout) to manage feature branches. This is a functional requirement of the skill's purpose. - EXTERNAL_DOWNLOADS (LOW): Step 3 instructs the agent to 'Install any new dependencies required by the PRD'. This involves fetching and executing third-party code. While categorized as MEDIUM for unverifiable packages, the severity is downgraded to LOW as it is the primary intended purpose of a development setup skill.
- PROMPT_INJECTION (LOW): The skill is susceptible to Indirect Prompt Injection (Category 8) as it reads and acts upon instructions found in external PRD files.
- Ingestion points: PRD markdown files located in the
prds/directory. - Boundary markers: None present; the agent is instructed to read the file and validate readiness based on its contents without explicit delimiters or safety warnings for embedded instructions.
- Capability inventory: Git branch manipulation and arbitrary dependency installation via shell.
- Sanitization: None; the skill does not specify validation or filtering for the content of the PRD files before the environment setup phase.
Audit Metadata