Skills
skills/shipshitdev/library/task-prd-creator/Gen Agent Trust Hub

task-prd-creator

Pass

Audited by Gen Agent Trust Hub on Apr 22, 2026

Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses standard command-line utilities like cat and grep to read architectural documentation and search for patterns within the local project structure. It also references the use of npm test for verifying implementation during the testing phase.
  • [EXTERNAL_DOWNLOADS]: The workflow retrieves library documentation via the Context7 MCP tool from well-known sources, such as the Vercel and NestJS GitHub repositories, to inform the planning process.
  • [PROMPT_INJECTION]: The skill processes user-provided feature requests which could contain indirect instructions.
  • Ingestion points: User requests such as 'I want to add X' or 'Implement Y' (SKILL.md).
  • Boundary markers: Mandatory user approval step is required after file creation and before implementation (SKILL.md, references/full-guide.md).
  • Capability inventory: Local file system read/write access and MCP tool calls for fetching documentation.
  • Sanitization: The skill relies on a human-in-the-loop validation step where the generated Task and PRD files are presented to the user for review.
Audit Metadata
Risk Level
SAFE
Analyzed
Apr 22, 2026, 07:31 AM