blueprint
Pass
Audited by Gen Agent Trust Hub on Mar 11, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill is composed entirely of markdown documentation. It does not include any executable scripts, shell commands, or binary files.
- [DATA_EXPOSURE]: While the skill mentions checking git and GitHub CLI authentication, this is a local check to determine the workflow type (branch-based vs. direct edit) and does not involve exfiltrating credentials to external servers.
- [INDIRECT_PROMPT_INJECTION]: The skill processes project structure and existing plans as input to generate new plans. While this represents a data ingestion surface, the risk is minimal as the output is restricted to markdown plan files and the skill does not possess autonomous execution capabilities that could be subverted.
- [REMOTE_CODE_EXECUTION]: There are no patterns of downloading and executing remote code. Installation instructions provided are manual git commands for the user to manage the skill's source files.
Audit Metadata