to-prd
Pass
Audited by Gen Agent Trust Hub on Jun 17, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill exhibits an attack surface for indirect prompt injection by processing external, potentially untrusted data to perform automated actions.
- Ingestion points: The skill reads from the current conversation context and performs repository exploration to understand the codebase (SKILL.md).
- Boundary markers: While a template is used, there are no explicit boundary markers or instructions telling the agent to ignore embedded instructions within the processed files or conversation history.
- Capability inventory: The agent is instructed to explore the repository (read access) and publish generated content to the project issue tracker (write access).
- Sanitization: There is no evidence of sanitization, filtering, or validation of the data ingested from the codebase or conversation before it is synthesized into the PRD and published.
Audit Metadata