requirements-clarity
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION] (LOW): The skill exhibits a vulnerability surface for indirect prompt injection (Category 8).
- Ingestion points: Untrusted user requirement descriptions enter the agent context in SKILL.md under 'Step 1: Initial Requirement Analysis'.
- Boundary markers: Absent; the instructions do not define delimiters (e.g., XML tags or triple quotes) or 'ignore embedded instructions' warnings for either the input processing or the output PRD generation.
- Capability inventory: The skill has file-write capabilities using the Write tool to save content to ./docs/prds/{feature_name}-v{version}-prd.md.
- Sanitization: Absent; the skill does not perform escaping, validation, or filtering of the user-provided content before interpolating it into the final document, which could lead to downstream tool or human deception if malicious instructions are embedded in the requirements.
Audit Metadata