write-a-prd
Pass
Audited by Gen Agent Trust Hub on Apr 2, 2026
Risk Level: SAFEPROMPT_INJECTIONNO_CODE
Full Analysis
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it instructs the agent to explore the codebase to verify user assertions (Step 2 in
SKILL.md). This involves reading untrusted data from repository files that could contain malicious instructions designed to manipulate the agent's behavior. If triggered, this could result in the agent including unauthorized data in the PRD or misusing its capability to submit GitHub issues.\n - Ingestion points: Codebase exploration in
SKILL.md.\n - Boundary markers: Absent; there are no instructions for the agent to treat repository content as untrusted or to use delimiters.\n
- Capability inventory: The agent has the ability to read local files and potentially create GitHub issues.\n
- Sanitization: No sanitization or validation of the repository data is performed before processing.\n- [NO_CODE]: The skill consists entirely of markdown instructions and does not include any scripts, binaries, or executable code, which limits its direct execution risk.
Audit Metadata