saas-prd-review
Pass
Audited by Gen Agent Trust Hub on Jun 20, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill includes a Python runner script (
scripts/run.py) that facilitates communication with the vendor's API atai-skills.ai. This is a standard architectural pattern for this type of skill and does not involve arbitrary command execution. - [EXTERNAL_DOWNLOADS]: The included Python script attempts to use the well-known
certifipackage for SSL certificate verification to ensure secure network communications. - [INDIRECT_PROMPT_INJECTION]: The skill is designed to ingest and analyze untrusted data provided by users, which is its primary function. This constitutes a potential attack surface for indirect prompt injection.
- Ingestion points: Untrusted data enters the agent context through the
prdDraftText,prdDocumentFile, andprdReferenceLinkfields defined inreferences/form-schema.json. - Boundary markers: No explicit boundary markers or warnings to ignore embedded instructions were found in the provided configuration.
- Capability inventory: The skill's local capabilities are restricted to network operations with the vendor's domain (
ai-skills.ai). No local file system writes or subprocess executions were found. - Sanitization: No input sanitization or validation logic is present in the local script; processing is handled by the remote API.
Audit Metadata