project-planner

Pass

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: SAFE, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION] (MEDIUM): The skill explicitly allows the 'Bash' tool in its configuration. While intended for project-related tasks like creating directories or managing files, it grants broad system access that could be abused.
  • [PROMPT_INJECTION] (LOW): Category 8 (Indirect Prompt Injection) risk is present because the skill encourages users to upload external reference documents (requirements, designs, or technical schemes). Evidence Chain:
      1. Ingestion points: 'Reference documents' and 'Project background' instructions in the SKILL.md.
      2. Boundary markers: Absent (no instructions to ignore embedded commands in user files).
      3. Capability inventory: High-privilege access to 'Bash', 'Write', 'Edit', and 'TodoWrite'.
      4. Sanitization: Absent.
    This combination allows an attacker to potentially embed commands in a project document that the agent might execute via the Bash tool.
Audit Metadata
  Risk Level: SAFE
  Analyzed: Feb 17, 2026, 06:00 PM