to-prd
Pass
Audited by Gen Agent Trust Hub on May 12, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill's primary purpose is to generate documentation (PRDs) from existing project data. It does not exhibit signs of malicious behavior, obfuscation, or unauthorized data exfiltration.
- [DATA_EXPOSURE]: The skill accesses the local codebase and conversation context to generate a PRD. This behavior is consistent with its stated purpose of summarizing technical requirements. It transmits this data to the project's configured issue tracker.
- [PROMPT_INJECTION]: As the skill processes untrusted conversation context to generate output for an issue tracker, it possesses an indirect prompt injection surface (Category 8).
  - Ingestion points: Conversation history and codebase files.
  - Boundary markers: None specified for the generated content.
  - Capability inventory: Reads files and publishes to an external issue tracker (likely via a tool call).
  - Sanitization: No explicit sanitization of context content is described.