to-prd
Pass
Audited by Gen Agent Trust Hub on May 16, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill instructs the agent to execute
mkdir -p .aixto ensure a local directory exists for storing generated files. This is a standard and limited file system operation. - [PROMPT_INJECTION]: The skill possesses a surface for indirect prompt injection due to its requirement to process external and potentially untrusted data.
- Ingestion points: The agent reads the conversation context and the codebase content during the PRD synthesis process.
- Boundary markers: The instructions lack specific delimiters or ignore-instructions to separate ingested data from the agent's core task logic.
- Capability inventory: The skill can perform file system writes and publish content to an external issue tracker.
- Sanitization: There is no explicit validation or sanitization of the data ingested from the codebase or conversation history.
Audit Metadata