aigent-prd
Pass
Audited by Gen Agent Trust Hub on Jun 14, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill performs automated data transformation, parsing user-provided requirements and mapping them to a predefined schema for the Aigent tool. It creates project-specific metadata files (
prd.json,meta.json,progress.txt) within a dedicated local directory (~/.aigent). - [PROMPT_INJECTION]: The skill processes untrusted PRD text which presents a surface for indirect prompt injection.
- Ingestion points: User-supplied PRD or requirement text (Workflow Step 1).
- Boundary markers: None defined; the agent is instructed to read the text directly.
- Capability inventory: File system write access to
~/.aigentfor creating project state files. - Sanitization: No explicit sanitization or validation of input text is performed before interpolation into JSON fields.
- [SAFE]: While the instructions mention commands like
pnpm typecheckorpnpm test, these are intended as documentation strings inside the generatedprd.jsonfile for subsequent execution by the user or another tool, and are not executed by the skill itself during the conversion process.
Audit Metadata