The Agent Skills Directory

[SAFE]: Systematic review of the skill's instructions and reference files confirms its primary purpose as a PRD parser. No patterns related to data exfiltration, malicious persistence, or credential harvesting were detected.
[PROMPT_INJECTION]: The skill is subject to indirect prompt injection (Category 8) because it processes untrusted input. Evidence Chain: 1. Ingestion points: Reads PRD content from '${ARGUMENTS}/prd-source.md' (SKILL.md). 2. Boundary markers: Absent; the skill lacks delimiters or instructions to ignore embedded commands. 3. Capability inventory: Uses 'Read', 'Write', and 'Edit' tools to transform document content (SKILL.md). 4. Sanitization: No validation or sanitization of input strings is performed. Given the restricted toolset (no Shell or network access), the surface is considered a low risk factor for this specific implementation.

prd-analyzer