Skills
skills/luizhcrocha/skills/to-prd/Gen Agent Trust Hub

to-prd

Pass

Audited by Gen Agent Trust Hub on Jun 18, 2026

Risk Level: SAFEPROMPT_INJECTIONDATA_EXFILTRATION
Full Analysis
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it instructs the agent to explore the repository and synthesize information from files and records to generate a PRD. Maliciously crafted content within the repository could potentially influence the agent's output.
  • Ingestion points: Repository files, domain glossary, Architecture Decision Records (ADRs), and conversation context.
  • Boundary markers: None specified in the instructions or PRD template.
  • Capability inventory: The ability to write and publish content to an external issue tracker.
  • Sanitization: No validation or sanitization of ingested content is defined.
  • [DATA_EXFILTRATION]: The skill is designed to extract architectural decisions, module interfaces, and implementation details to be published to an external issue tracker. While this is the intended behavior, it involves the transfer of technical project information to a third-party service, necessitating appropriate access controls on the destination platform.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 18, 2026, 03:34 PM
Security Audit — agent-trust-hub — to-prd