ai-create-prd
Pass
Audited by Gen Agent Trust Hub on Jul 7, 2026
Risk Level: SAFECOMMAND_EXECUTIONDATA_EXFILTRATION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes shell commands using the agent's bash tool to resolve project paths and manage version control. Specifically, it uses
git rev-parse --show-toplevelto identify the project name and a chained commandgit -C "$V" add -A && git -C "$V" commit -m "<message>" && git -C "$V" pushto synchronize the Obsidian vault. - [DATA_EXFILTRATION]: The skill performs network operations by executing
git push. This action transmits the contents of the user's Obsidian vault (specifically the engineering/ directory) to a remote Git repository. This behavior is documented as part of the intended workflow for maintaining documentation sync across sessions. - [INDIRECT_PROMPT_INJECTION]: The skill is designed to ingest untrusted data from users via clarifying questions and then interpolate that data into a PRD file.
- Ingestion points: User responses from
ask-user-question(SKILL.md). - Boundary markers: The instructions use
<critical>tags to guide the agent's behavior, but there are no explicit delimiters used when writing the user-provided requirements into the PRD file. - Capability inventory: The skill has
Writeaccess to the filesystem and the ability to execute network operations viagit push(SKILL.md). - Sanitization: There is no mention of sanitizing or escaping user input before it is written to the vault files.
- [PROMPT_INJECTION]: The skill uses strong instructional markers such as
<critical>to enforce a specific workflow, requiring clarifying questions and adherence to the PRD template. There are no patterns detected that attempt to bypass system-level safety filters.
Audit Metadata