to-prd
Pass
Audited by Gen Agent Trust Hub on Jun 21, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill presents an indirect prompt injection surface by instructing the agent to process potentially untrusted content from the repository and conversation context. \n
- Ingestion points: Repository exploration and current conversation history (SKILL.md). \n
- Boundary markers: There are no explicit instructions or delimiters provided to distinguish between the skill's instructions and the untrusted data being processed. \n
- Capability inventory: The skill utilizes the agent's ability to publish content to a project issue tracker (SKILL.md, step 3). \n
- Sanitization: The instructions do not define any sanitization, filtering, or validation steps for the input data before it is incorporated into the PRD.
Audit Metadata