prd
Pass
Audited by Gen Agent Trust Hub on Jun 12, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: Indirect Prompt Injection Surface. The skill is designed to ingest and process untrusted data from the local repository to inform the generation of a PRD.
- Ingestion points: The skill reads project documentation including
README.md,CLAUDE.md, and files within the.llmdocs/directory, as well as source code identified via grep or symbol searches. - Boundary markers: No explicit delimiters or instructions are provided to the agent to disregard potential instructions embedded within the files it reads.
- Capability inventory: The skill utilizes filesystem search tools (grep, Glob, Serena symbol search) for reading and possesses write capabilities to save output to the
.llmtmp/directory. - Sanitization: There is no evidence of sanitization, filtering, or validation of the content ingested from the repository before it is used to generate the PRD.
Audit Metadata