to-prd
Pass
Audited by Gen Agent Trust Hub on Jun 17, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [SAFE]: The skill provides a structured template and workflow for documenting project requirements. It operates on local codebase data and conversation context, using tools like
WriteandBashfor legitimate purposes such as file creation and local script execution. - [PROMPT_INJECTION]: The skill exhibits an attack surface for indirect prompt injection as it ingests untrusted data from the codebase to synthesize a PRD. However, the risk is minimal as the output is a text-based documentation template.
- Ingestion points: Codebase files (read via
Read,Grep,Globtools) and conversation context. - Boundary markers: Absent; no specific delimiters or warnings are used to prevent the agent from following instructions found in external data.
- Capability inventory:
Bash,Write, andEdittools are available for file system and shell operations. - Sanitization: Absent; no sanitization or filtering is applied to the ingested content before it is processed.
Audit Metadata