to-prd
Pass
Audited by Gen Agent Trust Hub on May 19, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill possesses an indirect prompt injection attack surface because it ingests untrusted data from the conversation history and the repository content.
  - Ingestion points: User conversation context and local codebase files.
  - Boundary markers: Absent. There are no instructions to use delimiters or to disregard embedded instructions within the source material.
  - Capability inventory: Publishing content to the project's external issue tracker.
  - Sanitization: Absent. The agent is instructed to synthesize what it knows without specific filtering or escaping of the input context.