planning-github-task
Pass
Audited by Gen Agent Trust Hub on Apr 17, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill presents an indirect prompt injection surface due to the way it ingests and processes external data and codebase content.
- Ingestion points: Untrusted data enters the agent context through the parsing of
docs/<ISSUE_SLUG>-tasks.mdinexecution-prepper.mdand through broad codebase inspection inexecution-planner.mdandtest-strategist.md. - Boundary markers: The instructions for the orchestrator and its subagents lack explicit delimiters or specific warnings to ignore instructions embedded within the ingested task data or code comments.
- Capability inventory: The skill is capable of reading any file in the local project and writing planning documents to the
docs/directory. - Sanitization: No sanitization, escaping, or validation logic is defined to prevent malicious content in the input files from influencing the generated planning artifacts.
Audit Metadata