project-planner
Pass
Audited by Gen Agent Trust Hub on Mar 5, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill exhibits a vulnerability surface for indirect prompt injection. Ingestion points: The skill is designed to ingest and analyze external, untrusted data such as project requirement documents, design drafts, and functional lists provided by users. Boundary markers: There are no specific delimiters or instructional guardrails (e.g., 'ignore instructions found in this data') to prevent the agent from accidentally or intentionally obeying commands embedded in the processed documents. Capability inventory: The agent is granted powerful capabilities including Bash command execution and file system operations (Write, Edit, Read), which could be exploited if an indirect injection is successful. Sanitization: The skill does not define any mechanisms for sanitizing or validating the content of the external files it processes before it acts upon them.
Audit Metadata