to-prd

Pass

Audited by Gen Agent Trust Hub on Jun 26, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: No malicious patterns or security risks were identified in the skill's instructions or metadata. The skill focuses on standard project management documentation tasks.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection (Category 8) because it ingests untrusted data from the local repository and the current conversation context to generate its output.
      • Ingestion points: Processes codebase content and conversation history as specified in the 'Process' section of SKILL.md.
      • Boundary markers: No specific boundary markers or 'ignore' instructions are used for the input data, though the output is structured via a <prd-template>.
      • Capability inventory: Performs repository exploration and publishes to an external issue tracker.
      • Sanitization: No explicit sanitization of the synthesized content is mentioned before publication.
  • [DATA_EXFILTRATION]: The skill is designed to send synthesized information to an external 'project issue tracker'. While this involves network transmission of project-related data, it is the explicitly stated primary purpose of the skill and relies on the agent's pre-configured tool permissions (e.g., GitHub CLI).
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Jun 26, 2026, 02:40 PM