write-a-prd
Pass
Audited by Gen Agent Trust Hub on Apr 11, 2026
Risk Level: SAFEDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [SAFE]: No malicious patterns, obfuscation, or safety bypass attempts were found in the skill logic.
- [DATA_EXFILTRATION]: The skill is designed to transmit information (the PRD) to GitHub via issue creation. This behavior is the primary stated purpose of the skill and includes a mitigation step that instructs the agent not to include specific file paths or code snippets in the final output, which prevents the leakage of sensitive implementation details.
- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface as it processes untrusted data from the repository and user inputs. Ingestion points: Data enters the context from the local filesystem during codebase exploration and from user strings during the interview phase. Boundary markers: The skill does not define explicit delimiters to isolate repo content or user input. Capability inventory: The agent has capabilities to read files and create GitHub issues (network write). Sanitization: The skill includes a specific instruction to exclude raw code and file paths from the final document, providing a measure of output sanitization against injected content.
Audit Metadata