skills/ninehills/skills/to-prd/Gen Agent Trust Hub

to-prd

Pass

Audited by Gen Agent Trust Hub on Jun 21, 2026

Risk Level: SAFEPROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill presents an indirect prompt injection surface by instructing the agent to process potentially untrusted content from the repository and conversation context. \n
  • Ingestion points: Repository exploration and current conversation history (SKILL.md). \n
  • Boundary markers: There are no explicit instructions or delimiters provided to distinguish between the skill's instructions and the untrusted data being processed. \n
  • Capability inventory: The skill utilizes the agent's ability to publish content to a project issue tracker (SKILL.md, step 3). \n
  • Sanitization: The instructions do not define any sanitization, filtering, or validation steps for the input data before it is incorporated into the PRD.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 21, 2026, 06:42 AM
Security Audit — agent-trust-hub — to-prd