project-planner
Pass
Audited by Gen Agent Trust Hub on Feb 18, 2026
Risk Level: SAFE
Category: PROMPT_INJECTION
Full Analysis
- Indirect Prompt Injection (LOW): The skill monitors external files and git repository state to suggest actions, which exposes it to potential indirect injection via crafted file content or commit messages.
- Ingestion points: docs/PLAN.md (content and metadata), git log (commit messages), and git status (file lists).
- Boundary markers: None are specified; the logic relies on raw output from git commands and file reads.
- Capability inventory: Read, Glob, TaskList, TaskCreate. These tools allow file system navigation and task management but do not include high-risk command execution or network access.
- Sanitization: No sanitization or escaping of processed data is documented.
Audit Metadata