plan-prd
Pass
Audited by Gen Agent Trust Hub on Mar 29, 2026
Risk Level: SAFECOMMAND_EXECUTIONNO_CODE
Full Analysis
- [NO_CODE]: The skill consists exclusively of Markdown-based instructions and reference templates. It contains no executable scripts (Python, JavaScript, etc.) or binary files.
- [COMMAND_EXECUTION]: The workflow incorporates the use of the GitHub CLI (
gh issue create) and local file system operations to store the finalized documentation. These actions are legitimate and necessary for the skill's stated functionality as a product planning tool. - [DATA_EXPOSURE]: The instructions direct the agent to analyze the local codebase to ensure requirements are grounded in existing architecture. This behavior is functional for product development and does not involve exfiltration of sensitive information.
- [PROMPT_INJECTION]: While the skill processes user input and codebase content, which is a standard surface for indirect prompt injection, it mitigates this through structured templates and quality checklists that emphasize concrete, numeric requirements over free-form text.
Audit Metadata