skills/wcof/prdhellper/create-prd/Gen Agent Trust Hub

create-prd

Pass

Audited by Gen Agent Trust Hub on Jun 5, 2026

Risk Level: SAFECOMMAND_EXECUTION
Full Analysis
  • [SAFE]: The skill operates entirely on local project data to manage Product Requirement Documents (PRDs).
  • The installer scripts (install.py, install.bat, install.command) perform standard local installation by copying files to the project's .agents directory.
  • Documentation templates and instructions are focused on standard product management workflows.
  • No hardcoded credentials, sensitive file access (outside project scope), or network exfiltration patterns were found.
  • [COMMAND_EXECUTION]: Local scripts execute shell commands for project automation and Git integration.
  • scripts/prdctl.py utilizes subprocess.check_output to interact with Git for change tracking and traceability.
  • install.py uses subprocess.call to launch the inner installation logic from scripts/install_skill.py.
  • scripts/check_consistency.sh and its harness variants are used for local consistency auditing between the codebase and documentation.
  • These operations are limited to local project management and do not incorporate untrusted input into shell execution.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 5, 2026, 06:45 AM
Security Audit — agent-trust-hub — create-prd