to-prd

Pass

Audited by Gen Agent Trust Hub on Jun 21, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: The skill operates purely through prompt-based instructions to structure documentation tasks. It does not execute shell scripts, download external binaries, or access sensitive system credentials.
  • [PROMPT_INJECTION]: The skill exhibits a potential surface for indirect prompt injection (Category 8) because it ingests untrusted data from the repository files and conversation context to produce its output. However, this is inherent to its primary purpose as a PRD generator and does not indicate malicious intent.
  • Ingestion points: Repository files (via 'Explore the repo') and conversation history (via 'current conversation context').
  • Boundary markers: Not explicitly defined; the skill does not instruct the agent to ignore instructions embedded within the source material.
  • Capability inventory: File reading and publishing to an issue tracker (via tool call implied by the description).
  • Sanitization: Not present within the prompt text.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 21, 2026, 05:41 AM
Security Audit — agent-trust-hub — to-prd