bd-generate-plan-from-prd
Pass
Audited by Gen Agent Trust Hub on Apr 22, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill's primary function is document transformation and project planning, which is performed through standard file reading and writing operations within the project workspace.
- [SAFE]: No evidence of hardcoded credentials, suspicious network activity, or obfuscated content was found.
- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface as it processes untrusted Project Requirements Documents (PRDs). However, the risk is minimal given the restricted output format and user-in-the-loop validation.
  - Ingestion points: PRD content provided via user input or workspace files.
  - Boundary markers: None identified in the prompt templates.
  - Capability inventory: File system exploration (read) and Markdown file creation in the .plans directory (write).
  - Sanitization: No content sanitization or instruction-filtering is applied to the ingested data.
Audit Metadata