skills/compozy/kb/cy-create-prd/Gen Agent Trust Hub

cy-create-prd

Pass

Audited by Gen Agent Trust Hub on Apr 15, 2026

Risk Level: SAFE (PROMPT_INJECTION, DATA_EXFILTRATION)
Full Analysis
  • [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface by ingesting untrusted data from multiple sources.
      • Ingestion points: Reads _idea.md, _prd.md, local codebase files (via search), and external web search results.
      • Boundary markers: Lacks explicit instructions to the agent to ignore or delimit instructions found within the ingested data.
      • Capability inventory: Possesses capabilities to create directories, write files (.compozy/tasks/), and perform network searches.
      • Sanitization: No explicit sanitization or validation of the ingested content is described before processing or including it in the final document.
  • [DATA_EXFILTRATION]: The skill performs web searches (network operations) using information derived from the local codebase to provide market context. While part of the intended functionality, this involves transmitting summarized codebase context to external search providers.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Apr 15, 2026, 12:15 AM