architecture-spec
Pass
Audited by Gen Agent Trust Hub on Jun 18, 2026
Risk Level: SAFE
Full Analysis
- [PROMPT_INJECTION]: The skill processes untrusted content from
docs/PRD.mdwithout input validation or boundary markers, making it susceptible to indirect prompt injection. - Ingestion points:
docs/PRD.md(Execution Step 1). - Boundary markers: Absent; there are no instructions to the agent to treat the PRD content as data rather than instructions.
- Capability inventory: The skill utilizes
ReadandWritetools to perform filesystem operations. - Sanitization: Absent; the skill extracts information from the PRD and uses it directly to populate a markdown template.
Audit Metadata