skills/oldwinter/skills/to-prd/Gen Agent Trust Hub

to-prd

Pass

Audited by Gen Agent Trust Hub on Jun 17, 2026

Risk Level: SAFEPROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill exhibits an attack surface for indirect prompt injection by processing external, potentially untrusted data to perform automated actions.
  • Ingestion points: The skill reads from the current conversation context and performs repository exploration to understand the codebase (SKILL.md).
  • Boundary markers: While a template is used, there are no explicit boundary markers or instructions telling the agent to ignore embedded instructions within the processed files or conversation history.
  • Capability inventory: The agent is instructed to explore the repository (read access) and publish generated content to the project issue tracker (write access).
  • Sanitization: There is no evidence of sanitization, filtering, or validation of the data ingested from the codebase or conversation before it is synthesized into the PRD and published.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 17, 2026, 06:49 AM
Security Audit — agent-trust-hub — to-prd