create-prd
Pass
Audited by Gen Agent Trust Hub on Apr 1, 2026
Risk Level: SAFECOMMAND_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill processes untrusted data from user interviews and codebase exploration to generate PRDs, creating a surface for indirect prompt injection where malicious content in the codebase or user input could attempt to influence the agent's output. * Ingestion points: User input during the interview process and file content during codebase exploration. * Boundary markers: None explicitly used to wrap or sanitize the ingested content within the prompt instructions. * Capability inventory: Local file creation, GitHub issue creation via gh-cli, and Azure DevOps work-item creation via azure-devops-cli. * Sanitization: No explicit sanitization or validation of the ingested content is described in the workflow.
- [COMMAND_EXECUTION]: The skill utilizes external command-line interfaces including the GitHub CLI (gh) and Azure DevOps CLI (az) to submit documentation. These operations are performed to fulfill the skill's primary stated purpose of integrating with developer workflows.
- [DATA_EXFILTRATION]: As part of its standard functionality, the skill transmits generated content to external platforms like GitHub and Azure DevOps. While this is the intended behavior, it involves the movement of data derived from the local environment to cloud-based services.
Audit Metadata