refine-requirement
Pass
Audited by Gen Agent Trust Hub on Jun 21, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [SAFE]: The skill's primary functionality is restricted to local text processing and file management. It does not utilize dangerous tools, perform network operations, or request elevated privileges.
- [PROMPT_INJECTION]: The skill manages document content that acts as an indirect prompt injection surface.
- Ingestion points: The skill reads file content from
.agents/flow/{file}and reads metadata from.agents/state.json. - Boundary markers: The instructions do not define specific delimiters to isolate the PRD content from the agent's instructions, potentially allowing embedded text to influence behavior.
- Capability inventory: Capabilities are limited to reading and writing project-specific files; the skill cannot access the network or execute shell commands.
- Sanitization: No sanitization or path validation is performed on the ingested content or the file paths derived from the project state.
Audit Metadata