plan-from-prd
Pass
Audited by Gen Agent Trust Hub on Apr 1, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: No security issues detected. The skill follows standard procedures for an AI agent to assist in development workflows by analyzing provided documentation and current codebase architecture.
- [DATA_EXPOSURE]: The skill requests access to the local codebase to understand architecture and integration layers. This is limited to the agent's current workspace and is used solely to inform the generation of the implementation plan.
- [COMMAND_EXECUTION]: The skill suggests using a subagent or tools to explore the codebase. These are standard operations for development agents to perform context retrieval and do not include arbitrary or dangerous shell commands.
- [INDIRECT_PROMPT_INJECTION]: The skill processes PRDs, which are external data sources that could contain malicious instructions. However, the skill acts as a planning assistant writing to local Markdown files and does not possess capabilities (like network exfiltration or execution of the generated plan) that would make this surface highly exploitable.
Audit Metadata