write-a-prd
Pass
Audited by Gen Agent Trust Hub on Mar 23, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection by ingesting untrusted data from external sources (Linear, Figma, and Notion) to guide its logic. An attacker who controls a referenced ticket or document could inject instructions to influence the agent's behavior during repo exploration or document generation.
- Ingestion points: Step 2 fetches data from Linear tickets, Figma URLs, and Notion pages provided in the user's initial input.
- Boundary markers: Absent. The instructions do not define delimiters or provide 'ignore embedded instructions' warnings for external content.
- Capability inventory: The skill has read access to the local codebase (Step 3) and file-write access to create documents in '~/Development/docs/prd' (Step 6).
- Sanitization: Absent. The skill does not perform validation or filtering on the content retrieved from external tools before processing it.
Audit Metadata