create-plan
Pass
Audited by Gen Agent Trust Hub on Mar 24, 2026
Risk Level: SAFE PROMPT_INJECTION COMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill's core workflow involves analyzing codebase content to generate implementation plans, which introduces a surface for indirect prompt injection (Category 8). Maliciously crafted data in the analyzed source code could potentially influence the agent's plan generation.
  - Ingestion points: The agent uses `search`, `sem_search`, and `read` tools to research the project's files as instructed in SKILL.md.
  - Boundary markers: There are no explicit delimiters or instructions provided to the agent to distinguish between codebase content to be analyzed and instructions to be followed.
  - Capability inventory: The skill can create and write Markdown files to the `plans/` directory and execute shell scripts to validate those plans.
  - Sanitization: Content retrieved from the codebase is not sanitized or filtered for instruction-like patterns before being processed by the agent.
- [COMMAND_EXECUTION]: The skill includes shell scripts (`validate-plan.sh` and `validate-all-plans.sh`) that the agent is instructed to run to verify the structural integrity and quality of generated plans.
  - Execution method: Scripts are called directly via the shell tool to process the newly created plan files.
  - Security posture: The scripts utilize standard Unix utilities like `grep`, `sed`, and `cat` with appropriate quoting on variables to prevent command injection from file paths. The use of `chmod +x` in 'validate-all-plans.sh' is limited to the skill's own internal components, which is standard for local tooling.
Audit Metadata