prd-completion-reviewer

Pass

Audited by Gen Agent Trust Hub on Mar 20, 2026

Risk Level: SAFE | COMMAND_EXECUTION | PROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it processes untrusted data and follows external links.
      • Ingestion points: Reads local PRD files (e.g., docs/PRD.md), GitHub issues via the gh CLI, and content from external URLs linked within documents (documented in SKILL.md under Workflow step 3).
      • Boundary markers: No explicit delimiters or instructions are used to distinguish between data to be processed and instructions to be ignored within the ingested content.
      • Capability inventory: The skill can read and write local files (README updates), execute shell commands (gh, bun test, pytest), and create GitHub issues.
      • Sanitization: The skill lacks validation or sanitization of content retrieved from external links or PRD files before using it to guide the agent's actions.
  • [COMMAND_EXECUTION]: The skill utilizes local command-line tools to perform its auditing and verification tasks.
      • Executes gh issue list to audit the status of user stories and milestones.
      • Executes bun test or pytest to verify implementation quality.
      • While these commands are central to the skill's purpose, they provide a surface for executing code on the host environment based on configuration found in the repository.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 20, 2026, 12:56 AM