project-planner
Pass
Audited by Gen Agent Trust Hub on Mar 13, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because its core functionality involves processing untrusted external data provided by users to generate project plans.
- Ingestion points: The skill documentation explicitly instructs users to upload demand documents, design drafts, and technical solutions for analysis in SKILL.md.
- Boundary markers: The instructions lack explicit delimiters or specific guardrails to differentiate between user-provided data and the agent's internal logic, increasing the risk that embedded instructions in documents could be obeyed.
- Capability inventory: The agent is granted access to high-capability tools including Bash, Write, Edit, and TodoWrite (as seen in the allowed-tools metadata), which provides a significant impact vector if an injection occurs.
- Sanitization: There is no evidence of content sanitization or validation of the input documents before they are read and processed by the agent.
Audit Metadata