to-prd
Pass
Audited by Gen Agent Trust Hub on May 12, 2026
Risk Level: SAFE
Full Analysis
- [DATA_EXFILTRATION]: The skill automates the transfer of codebase summaries to an issue tracker. As this is the declared primary purpose and the destination is part of the user's project infrastructure, it is considered safe behavior.
- [PROMPT_INJECTION]: The skill is susceptible to Indirect Prompt Injection (Category 8) as it processes untrusted codebase and conversation data. Ingestion points: SKILL.md (processes conversation context and codebase). Boundary markers: Uses a
<prd-template>structure but lacks specific 'ignore' delimiters for ingested content. Capability inventory: File reading (repo exploration) and network writes (publishing to tracker). Sanitization: No sanitization or validation of the ingested content is described. - [COMMAND_EXECUTION]: Repository exploration is requested to synthesize the PRD. This involves standard file system access and is necessary for the skill's stated goal.
Audit Metadata