cy-create-prd
Pass
Audited by Gen Agent Trust Hub on May 11, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill operates as a document generation tool with clear boundaries between product requirements (what/why) and technical implementation (how). All operations (file reading, web searching, and file writing) are aligned with its stated purpose of assisting in product design.
- [COMMAND_EXECUTION]: The skill creates directories and files within a hidden .compozy folder. File paths are derived from user-provided feature names (slugs), which is a standard pattern for task-based AI agents to organize output.
- [DATA_EXFILTRATION]: The skill gathers context by reading the local codebase and performing web searches. This data is synthesized into a PRD document. There is no evidence of sensitive data being exfiltrated to unauthorized external domains; network usage is limited to standard web search tools.
- [PROMPT_INJECTION]: The skill contains strong behavioral instructions (e.g., "HARD-GATE", "strictly enforced") to ensure the agent follows the PRD generation protocol and avoids implementation details. These are safety and quality constraints rather than malicious injection attempts.
Audit Metadata