dot-ai-prd-update-decisions
Pass
Audited by Gen Agent Trust Hub on Feb 21, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- Indirect Prompt Injection (LOW): The skill identifies and processes untrusted data from conversation contexts and existing documentation files.
- Ingestion points: Reads from the
prds/directory and active conversation history. - Boundary markers: Absent. The instructions do not define delimiters for external content to prevent the agent from obeying instructions potentially embedded in the analyzed data.
- Capability inventory: File system read and write access for document management within the
prds/folder. - Sanitization: Absent. The agent is instructed to map conversation decisions directly to document updates without verifying the source or intent of the input.
Audit Metadata