Skills
skills/mattpocock/skills/to-prd/Gen Agent Trust Hub

to-prd

Pass

Audited by Gen Agent Trust Hub on May 7, 2026

Risk Level: SAFEPROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it ingests data from external sources (the codebase and conversation history) and uses it to generate output that is published to an issue tracker.
  • Ingestion points: The skill instructs the agent to "explore the repo" and use the "current conversation context" (SKILL.md, Step 1).
  • Boundary markers: There are no explicit boundary markers or instructions to ignore embedded commands within the ingested data.
  • Capability inventory: The agent is capable of reading repository files and publishing to the project's issue tracker.
  • Sanitization: No sanitization or validation steps are defined for the content extracted from the codebase before it is incorporated into the PRD.
Audit Metadata
Risk Level
SAFE
Analyzed
May 7, 2026, 12:51 PM