mdplane-cli
Pass
Audited by Gen Agent Trust Hub on Feb 22, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [SAFE] (SAFE): No evidence of hardcoded credentials, malicious downloads, or unauthorized command execution was found. The skill includes specific rules to avoid leaking API keys or session tokens and follows least-privilege principles.
- [Indirect Prompt Injection] (LOW): The skill exposes an indirect prompt injection surface through its file-reading capabilities.
  - Ingestion points: The agent is instructed to use `read`, `cat`, and `search` commands (defined in `references/command-surface.md`), which ingest content from workspace files into the agent's context.
  - Boundary markers: No explicit delimiters or instructions to ignore embedded commands are defined in the skill logic in `SKILL.md`.
  - Capability inventory: The agent has access to powerful mutation and exfiltration commands, including `write`, `rm`, `mkdir`, `mv`, and `export` (identified in `references/command-surface.md`).
  - Sanitization: There is no evidence of content sanitization or validation performed on data retrieved from the workspace.
Audit Metadata