prd
Pass
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: LOW
PROMPT_INJECTION
Full Analysis
- PROMPT_INJECTION (LOW): The skill possesses an indirect prompt injection surface due to how it processes user input to create documents.
  * Ingestion points: Feature descriptions and user answers to clarifying questions are ingested from the user.
  * Boundary markers: Absent. There are no delimiters or system-level instructions used to segregate user-provided data from the PRD structure.
  * Capability inventory: The skill allows the agent to write markdown files to the tasks/ directory.
  * Sanitization: No sanitization or validation is performed on the input text before it is saved.

  The primary risk is that a malicious feature description could contain embedded instructions that an agent might inadvertently follow when reading the PRD during later implementation phases.
Audit Metadata