planning-workflow
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- General Security Assessment (SAFE): The skill consists of Markdown-based instructions that describe a three-step workflow. No code is shipped with the skill, and no malicious patterns such as obfuscation or prompt injection were detected.
- Indirect Prompt Injection (LOW): The skill is designed to ingest requirements to produce architectural plans. This creates an entry point for untrusted data. However, the skill does not include specific triggers or high-risk command logic that would escalate this beyond a baseline risk common to all LLM-based planning tasks.
- Tool Capability (SAFE): While the skill requests access to powerful tools like Bash and WebFetch, the instructions do not use them to perform any unauthorized operations, data exfiltration, or persistence mechanisms.
Audit Metadata