ai-create-prd

Pass

Audited by Gen Agent Trust Hub on Jul 7, 2026

Risk Level: SAFECOMMAND_EXECUTIONDATA_EXFILTRATION
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes shell commands using the agent's bash tool to resolve project paths and manage version control. Specifically, it uses git rev-parse --show-toplevel to identify the project name and a chained command git -C "$V" add -A && git -C "$V" commit -m "<message>" && git -C "$V" push to synchronize the Obsidian vault.
  • [DATA_EXFILTRATION]: The skill performs network operations by executing git push. This action transmits the contents of the user's Obsidian vault (specifically the engineering/ directory) to a remote Git repository. This behavior is documented as part of the intended workflow for maintaining documentation sync across sessions.
  • [INDIRECT_PROMPT_INJECTION]: The skill is designed to ingest untrusted data from users via clarifying questions and then interpolate that data into a PRD file.
  • Ingestion points: User responses from ask-user-question (SKILL.md).
  • Boundary markers: The instructions use <critical> tags to guide the agent's behavior, but there are no explicit delimiters used when writing the user-provided requirements into the PRD file.
  • Capability inventory: The skill has Write access to the filesystem and the ability to execute network operations via git push (SKILL.md).
  • Sanitization: There is no mention of sanitizing or escaping user input before it is written to the vault files.
  • [PROMPT_INJECTION]: The skill uses strong instructional markers such as <critical> to enforce a specific workflow, requiring clarifying questions and adherence to the PRD template. There are no patterns detected that attempt to bypass system-level safety filters.
Audit Metadata
Risk Level
SAFE
Analyzed
Jul 7, 2026, 02:44 PM
Security Audit — agent-trust-hub — ai-create-prd