prd-generator

SUSPICIOUS: The core PRD-generation behavior is benign and locally scoped, but the skill expands into mandatory git synchronization, commit, and push without per-action approval. Its main risk is autonomous publication to an arbitrary configured remote, plus optional execution of a repo-local script with unverified behavior.