dev-plan
Pass
Audited by Gen Agent Trust Hub on Mar 5, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill performs legitimate tasks related to software development planning and documentation. Its primary directive is to produce PRD files rather than executable code.
- [COMMAND_EXECUTION]: The skill utilizes Bash to execute internal utility scripts (
scripts/discover.shandscripts/validate.sh). These scripts facilitate project root discovery and feature name normalization. Path validation logic is implemented to ensure that generated files are stored only within the authorized.dev/directory, mitigating the risk of unauthorized filesystem access or path traversal. - [EXTERNAL_DOWNLOADS]: The researcher and planner sub-agents are equipped with
WebFetchandWebSearchcapabilities to gather information relevant to the planning task. This access is integral to the skill's primary research function and is accompanied by instructions to maintain privacy and exclude sensitive credentials from findings. - [DATA_EXFILTRATION]: No patterns indicative of sensitive data exposure or unauthorized network transmission were found. The skill and its sub-agents are governed by explicit privacy directives that mandate the use of placeholders for secrets, API keys, and personal information.
- [PROMPT_INJECTION]: The skill's instructions focus on structured task execution and do not contain patterns aimed at bypassing agent safety filters or overriding core behavioral constraints.
Audit Metadata