skills/maxritter/claude-codepro/prd/Gen Agent Trust Hub

prd

Pass

Audited by Gen Agent Trust Hub on Apr 10, 2026

Risk Level: SAFE | PROMPT_INJECTION | COMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The skill processes untrusted data from web searches and sub-agents, creating a surface for indirect prompt injection.
      • Ingestion points: Web search results from ToolSearch and fetch_url, and sub-agent outputs read from /tmp/prd-research-*.md in SKILL.md.
      • Boundary markers: There are no explicit delimiters or instructions to ignore embedded commands when synthesizing research findings into the PRD.
      • Capability inventory: The skill can execute shell commands via bash, spawn sub-agents, write files to the local repository, and invoke other skills like /spec.
      • Sanitization: No sanitization or filtering logic is present for data ingested from external web sources.
  • [COMMAND_EXECUTION]: The skill performs local shell operations to manage the PRD workflow and integrate with the environment.
      • Evidence: Uses mkdir -p and rm -f for directory and temporary file management.
      • Evidence: Executes a local binary at ~/.pilot/bin/pilot to retrieve the user's email address for inclusion in the PRD metadata, which is a standard environment integration.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Apr 10, 2026, 07:55 PM