to-prd
Pass
Audited by Gen Agent Trust Hub on May 6, 2026
Risk Level: SAFE PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection (Category 8) because it processes untrusted data and performs external write operations.
  - Ingestion points: The skill reads the 'current conversation context' and performs 'repo exploration' to understand the codebase (SKILL.md).
  - Boundary markers: There are no explicit boundary markers or instructions to ignore embedded commands within the processed context or code files.
  - Capability inventory: The skill has the capability to 'publish it to the project issue tracker' and apply triage labels (SKILL.md).
  - Sanitization: No sanitization or validation of the synthesized PRD content is specified before publication to the tracker.
Audit Metadata