create-prd
Pass
Audited by Gen Agent Trust Hub on Jun 5, 2026
Risk Level: SAFECOMMAND_EXECUTION
Full Analysis
- [SAFE]: The skill operates entirely on local project data to manage Product Requirement Documents (PRDs).
- The installer scripts (install.py, install.bat, install.command) perform standard local installation by copying files to the project's .agents directory.
- Documentation templates and instructions are focused on standard product management workflows.
- No hardcoded credentials, sensitive file access (outside project scope), or network exfiltration patterns were found.
- [COMMAND_EXECUTION]: Local scripts execute shell commands for project automation and Git integration.
scripts/prdctl.pyutilizessubprocess.check_outputto interact with Git for change tracking and traceability.install.pyusessubprocess.callto launch the inner installation logic fromscripts/install_skill.py.scripts/check_consistency.shand its harness variants are used for local consistency auditing between the codebase and documentation.- These operations are limited to local project management and do not incorporate untrusted input into shell execution.
Audit Metadata