planning-architect
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE, PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
- SAFE (SAFE): Analysis of README.md and templates/skill-plan-template.md confirms the absence of malicious logic, hardcoded credentials, or unauthorized network operations.
- Indirect Prompt Injection (LOW): The skill establishes a data ingestion surface through its planning workflow.
  1. Ingestion points: Step 1 (Analyze Requirements) and Step 5 (Identify Dependencies) ingest untrusted user input.
  2. Boundary markers: The template uses placeholders like [PROBLEM] but lacks explicit delimiters or instructions to ignore embedded prompts.
  3. Capability inventory: The README indicates that the scripts/plan-skill.py script generates file output.
  4. Sanitization: No sanitization logic is visible in the provided documentation or template.
- Unverifiable Dependencies & Remote Code Execution (LOW): The README instructs users to execute a local automation script (scripts/plan-skill.py). While the code for this script was not included in the analysis, the documentation describes it as an interactive CLI tool for plan generation.
Audit Metadata