skills/banjo/aigent/aigent-prd/Gen Agent Trust Hub

aigent-prd

Pass

Audited by Gen Agent Trust Hub on Jun 14, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: The skill performs automated data transformation, parsing user-provided requirements and mapping them to a predefined schema for the Aigent tool. It creates project-specific metadata files (prd.json, meta.json, progress.txt) within a dedicated local directory (~/.aigent).
  • [PROMPT_INJECTION]: The skill processes untrusted PRD text which presents a surface for indirect prompt injection.
  • Ingestion points: User-supplied PRD or requirement text (Workflow Step 1).
  • Boundary markers: None defined; the agent is instructed to read the text directly.
  • Capability inventory: File system write access to ~/.aigent for creating project state files.
  • Sanitization: No explicit sanitization or validation of input text is performed before interpolation into JSON fields.
  • [SAFE]: While the instructions mention commands like pnpm typecheck or pnpm test, these are intended as documentation strings inside the generated prd.json file for subsequent execution by the user or another tool, and are not executed by the skill itself during the conversion process.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 14, 2026, 01:05 AM
Security Audit — agent-trust-hub — aigent-prd