vibe-prd

Pass

Audited by Gen Agent Trust Hub on Apr 13, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: The skill operates within the expected scope of a document generation assistant, using allowed tools for reading and writing project-specific documentation within the local file system.
  • [INDIRECT_PROMPT_INJECTION]: The skill has a surface for indirect prompt injection by reading local research files, though the risk is localized to the session content.
  • Ingestion points: Local files matching docs/research-*.txt (SKILL.md).
  • Boundary markers: Absent; research content is referenced directly during the Q&A process without explicit delimiters.
  • Capability inventory: Write tool (used to generate the final PRD), AskUserQuestion tool (used for user interaction), and Read/Glob/Grep tools.
  • Sanitization: Absent; the skill does not perform validation or escaping on the content of the research files.
Audit Metadata
Risk Level
SAFE
Analyzed
Apr 13, 2026, 01:05 PM
Security Audit — agent-trust-hub — vibe-prd