vibe-prd
Pass
Audited by Gen Agent Trust Hub on Apr 13, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill operates within the expected scope of a document generation assistant, using allowed tools for reading and writing project-specific documentation within the local file system.
- [INDIRECT_PROMPT_INJECTION]: The skill has a surface for indirect prompt injection by reading local research files, though the risk is localized to the session content.
- Ingestion points: Local files matching docs/research-*.txt (SKILL.md).
- Boundary markers: Absent; research content is referenced directly during the Q&A process without explicit delimiters.
- Capability inventory: Write tool (used to generate the final PRD), AskUserQuestion tool (used for user interaction), and Read/Glob/Grep tools.
- Sanitization: Absent; the skill does not perform validation or escaping on the content of the research files.
Audit Metadata