to-prd
Pass
Audited by Gen Agent Trust Hub on May 14, 2026
Risk Level: SAFECOMMAND_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill instructs the agent to run
/setup-matt-pocock-skillsto scaffold documentation if the project tracker configuration is not found. - [DATA_EXFILTRATION]: The skill's primary function involves extracting information from the user's conversation and codebase to publish it to an external issue tracker.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it processes untrusted data from the conversation and codebase during PRD synthesis. 1. Ingestion points: Conversation context and codebase content referenced in SKILL.md. 2. Boundary markers: No delimiters or warnings are used to prevent the agent from obeying instructions embedded in the ingested content. 3. Capability inventory: File system exploration, issue tracker publishing, and triage label application. 4. Sanitization: No sanitization or validation of the input data is defined before its use in the PRD template.
Audit Metadata