spec-planner
Pass
Audited by Gen Agent Trust Hub on Feb 21, 2026
Risk Level: SAFEPROMPT_INJECTIONNO_CODE
Full Analysis
- [Indirect Prompt Injection] (LOW): The skill is susceptible to indirect prompt injection through external data ingested during the planning process. 1. Ingestion points: Codebase search results in the DISCOVER phase. 2. Boundary markers: Absent (no delimiters or explicit 'ignore embedded instructions' warnings are provided to the agent for code ingestion). 3. Capability inventory: File-write access to create SPEC.md files in the docs/specs/ directory. 4. Sanitization: Absent; discovered codebase content is used to inform the draft without validation or filtering.
- [NO_CODE] (SAFE): The skill consists entirely of instructional markdown and does not include executable scripts or dependencies.
Audit Metadata