snap-prd
Pass
Audited by Gen Agent Trust Hub on Mar 29, 2026
Risk Level: SAFEPROMPT_INJECTIONDATA_EXFILTRATIONCOMMAND_EXECUTION
Full Analysis
- [DATA_EXFILTRATION]: The skill uses the GitHub CLI tool to list repository labels and milestones and to publish the PRD as a new issue. These operations are conducted against a well-known service and are necessary for the skill's core functionality.
- [COMMAND_EXECUTION]: The skill instructs the agent to execute shell commands using the GitHub CLI (such as listing labels and creating issues) to manage project documentation.
- [PROMPT_INJECTION]: The skill possesses an indirect prompt injection surface because it processes data from the local codebase (which may contain content from external contributors) to inform its output.
- Ingestion points: Local codebase files are accessed and analyzed during the 'Explore codebase' phase (SKILL.md Step 2).
- Boundary markers: No explicit delimiters or instructions are used to separate codebase content from the agent's instructions during the analysis phase.
- Capability inventory: The skill has the capability to read any file in the local repository and the ability to write to GitHub issues using the
ghtool. - Sanitization: The instructions include a security-positive rule advising the agent never to include code snippets or file contents in the generated PRD, which reduces the risk of unintended sensitive data disclosure.
Audit Metadata