prd-from-context
Pass
Audited by Gen Agent Trust Hub on Jun 19, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill performs its primary function of document generation by reading local project materials and writing a markdown file. All operations are local and consistent with the vendor's provided metadata.
- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface (Category 8) as it processes untrusted data from the local codebase to generate reports.
  - Ingestion points: The skill reads from the current conversation context and local project files, including documentation, code, and tests (SKILL.md).
  - Boundary markers: No explicit boundary markers or 'ignore' instructions are used to isolate untrusted data during processing.
  - Capability inventory: The agent is authorized to read local files and write a markdown document to the 'docs/prd/' directory.
  - Sanitization: No sanitization or data validation logic is prescribed for the content retrieved from the codebase.
Audit Metadata