prd

Pass

Audited by Gen Agent Trust Hub on May 9, 2026

Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill utilizes the open command to automatically preview generated PRD files in the user's default editor or viewer. While this involves shell execution, it is used for the primary purpose of the skill and targets a known local file path.- [PROMPT_INJECTION]: The skill maintains an indirect prompt injection surface by ingesting external data without explicit boundary markers or sanitization logic.
  • Ingestion points: User input from $ARGUMENTS, responses to AskUserQuestion, and project configuration from CLAUDE.md.
  • Boundary markers: Absent; user-provided strings are interpolated directly into file contents and task subjects.
  • Capability inventory: The skill has access to file system modifications (Write, Edit), task management (TaskCreate, TaskUpdate), and shell command execution (open).
  • Sanitization: No validation or escaping of external content is performed before interpolation into prompts or commands.
Audit Metadata
Risk Level
SAFE
Analyzed
May 9, 2026, 05:40 AM
Security Audit — agent-trust-hub — prd