Skills
skills/futuregerald/futuregerald-claude-plugin/write-a-prd/Gen Agent Trust Hub

write-a-prd

Pass

Audited by Gen Agent Trust Hub on Apr 2, 2026

Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it reads untrusted data from the repository and configuration files.
  • Ingestion points: The agent explores the repository (Step 2) and reads the CLAUDE.md file to detect issue tracker configurations.
  • Boundary markers: The skill lacks explicit instructions or delimiters to isolate repository content from the agent's core instructions, potentially allowing malicious content in the codebase to influence agent behavior.
  • Capability inventory: The skill can execute shell commands (gh issue create) and invoke external MCP tools (createJiraIssue).
  • Sanitization: There is no evidence of sanitization or filtering of the data retrieved from the codebase before it is used to generate the PRD or passed to issue-creation tools.
  • [COMMAND_EXECUTION]: The skill uses the GitHub CLI (gh) to perform actions.
  • Evidence: The skill specifies the use of gh issue create to submit the generated PRD if GitHub is the detected issue tracker.
Audit Metadata
Risk Level
SAFE
Analyzed
Apr 2, 2026, 10:34 PM