ai-feature-prd-spec

Pass

Audited by Gen Agent Trust Hub on Jun 20, 2026

Risk Level: SAFEPROMPT_INJECTION
Full Analysis
  • [SAFE]: Analysis of the skill instructions and associated prompts reveals no malicious patterns. The skill is dedicated to generating structured technical documentation based on industry standards such as NIST and the EU AI Act. No network operations, credential access, or shell command executions were identified.
  • [PROMPT_INJECTION]: The skill identifies a data ingestion surface in logic.prompt where it reads multiple user-provided markdown files (PRD.md, AI_Feature_Strategy_Doc.md, etc.). While there are no explicit boundary markers or sanitization steps to prevent indirect prompt injection from these sources, the risk is low because the skill's capabilities are limited to generating a new markdown document and do not involve executing code, performing network operations, or interacting with sensitive system services. (Ingestion: logic.prompt step 1; Boundaries: absent; Capability: document generation; Sanitization: absent).
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 20, 2026, 10:15 AM
Security Audit — agent-trust-hub — ai-feature-prd-spec