to-prd
Pass
Audited by Gen Agent Trust Hub on Jun 20, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill's primary function is to transform existing dialogue and repository documentation into a structured PRD. It does not perform any sensitive operations outside of standard project management tasks.
- [DATA_EXPOSURE_&_EXFILTRATION]: While the skill reads repository files such as `ROADMAP.md` and decision logs (`docs/decisions/`), this data is used exclusively to populate the PRD template. There are no patterns suggesting data is sent to unauthorized external domains.
- [COMMAND_EXECUTION]: The skill instructs the agent to use repository exploration tools to gather context. It does not execute arbitrary shell commands, privileged operations, or remote scripts.
- [INDIRECT_PROMPT_INJECTION]: The skill processes data from repository files (`ROADMAP.md`, `docs/decisions/`). Although these are external ingestion points, the risk is negligible as the skill uses a fixed template to generate documentation rather than executing logic based on the content of those files.
Audit Metadata