project-planner

Fail

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: HIGH (EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
  • Unverifiable Dependencies & Remote Code Execution (HIGH): Automated scans (URLite) have identified a blacklisted URL within the project resources (specifically flagged in the requirements.md context). This indicates a high risk of interaction with known malicious domains or command-and-control servers.
  • Privilege Escalation & Command Execution (MEDIUM): The documentation in README.md explicitly instructs users to execute Python scripts (generate_project_docs.py and validate_documents.py) for the skill to function. These scripts are missing from the analyzed package, which is a common indicator of hidden malicious behavior or an attempt to bypass static analysis of the primary execution logic.
  • Indirect Prompt Injection (LOW): This skill is vulnerable to Indirect Prompt Injection (Category 8) due to the following evidence:
      • Ingestion points: User-defined project names, features, and component lists provided via command-line arguments as described in the README.md usage examples.
      • Boundary markers: None found in the assets/requirements-template.md file; user-provided data is directly interpolated into placeholders without delimiters.
      • Capability inventory: The skill explicitly supports shell command execution (via documented Python scripts) and documentation generation meant for AI agents.
      • Sanitization: There is no evidence of input validation, sanitization, or escaping within the provided templates to prevent malicious user input from being interpreted as agent instructions.
Recommendations
  • AI detected serious security threats
  • Contains 1 malicious URL(s) - DO NOT USE
Audit Metadata
  • Risk Level: HIGH
  • Analyzed: Feb 17, 2026, 06:27 PM