product-brief
Pass
Audited by Gen Agent Trust Hub on May 20, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill implements a workflow that captures untrusted user input and incorporates it into files saved on the local filesystem, which presents a surface for indirect prompt injection.
- Ingestion points: The skill captures user input in SKILL.md during the initial idea phase and throughout the conversational questioning process in Phase 2.
- Boundary markers: While the skill uses Markdown structural templates, it lacks explicit delimiters or specific instructions to the agent to treat interpolated user content strictly as data rather than potential instructions.
- Capability inventory: The skill performs multiple file-write operations, creating project folders, saving PRD documents in 04-Projects/, and updating stakeholder and task files.
- Sanitization: There is no evidence of input validation or sanitization routines to filter potentially malicious instructions within the user's product descriptions before they are written to files.
Audit Metadata