write-a-prd
Pass
Audited by Gen Agent Trust Hub on Mar 25, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: Indirect prompt injection surface. The skill instructs the agent to explore the repository to understand its structure and patterns, and then use that information to generate a PRD which is submitted to GitHub issues. This creates a vulnerability where malicious instructions embedded in the repository's documentation or code comments could influence the agent's behavior or output.
- Ingestion points: Step 2 involves the agent reading various repository files to understand the project structure, layers, and existing patterns.
- Boundary markers: Absent. The instructions do not provide delimiters for the codebase content or warn the agent to ignore any embedded instructions found within the repository.
- Capability inventory: Read local file system (repository content); create/submit GitHub issues.
- Sanitization: Absent. No validation or sanitization of the content ingested from the repository is specified before it is used to construct the PRD.
Audit Metadata