to-prd
Pass
Audited by Gen Agent Trust Hub on May 9, 2026
Risk Level: SAFEPROMPT_INJECTIONDATA_EXFILTRATION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it processes untrusted data from the codebase and conversation context to generate its output.\n
- Ingestion points: The skill ingests data from the "current conversation context" and "codebase understanding" (SKILL.md).\n
- Boundary markers: No explicit delimiters or instructions are provided to the agent to ignore or isolate instructions that might be embedded in the codebase or conversation history.\n
- Capability inventory: The skill is capable of performing a "publish to project issue tracker" action and can "explore repo" (SKILL.md).\n
- Sanitization: There is no evidence of sanitization, filtering, or validation of the external content before it is processed by the model.\n- [DATA_EXFILTRATION]: The skill is designed to read codebase information and export a summarized PRD to an external "issue tracker". This activity is aligned with the skill's primary stated purpose.
Audit Metadata