create-prd
Pass
Audited by Gen Agent Trust Hub on May 4, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: No malicious patterns or security risks were identified in the skill's instructions or logic. The skill adheres to its stated purpose of facilitating document creation through user interviews.
- [DATA_EXPOSURE]: The skill's file operations are limited to writing markdown documentation within a local
.specs/directory. It does not attempt to read sensitive files (such as.sshor.awscredentials) or environment variables. - [COMMAND_EXECUTION]: There are no shell commands, script executions, or uses of the dynamic context injection syntax (
!command). The process relies on standard AI agent tools for user interaction and file writing. - [REMOTE_CODE_EXECUTION]: The skill does not download external scripts, install packages, or reference remote resources, eliminating the risk of remote code execution or supply chain attacks.
Audit Metadata