prd-start

Pass

Audited by Gen Agent Trust Hub on May 10, 2026

Risk Level: SAFE
COMMAND_EXECUTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses the Bash tool to execute a local Python script (prd-command-dispatch.py) located within the skill's directory structure. This is used to initiate the PRD (Product Requirements Document) helper process.
  • [PROMPT_INJECTION]: A surface for indirect prompt injection exists because the skill processes content from the current project directory.
    • Ingestion points: Untrusted data enters the agent context via the --project . argument in SKILL.md.
    • Boundary markers: No explicit delimiters or instructions to ignore embedded instructions are present in the command string.
    • Capability inventory: The skill is permitted to use the Bash tool, which is used to launch the Python-based dispatcher.
    • Sanitization: No evidence of content sanitization or validation is visible in the skill's instructional prompt.
Audit Metadata
Risk Level: SAFE
Analyzed: May 10, 2026, 04:23 AM