deep-plan
Pass
Audited by Gen Agent Trust Hub on Mar 3, 2026
Risk Level: SAFE
COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill uses shell commands for project discovery and research.
  - Evidence: Uses `cat`, `find`, `grep`, `git log`, and `ls` to inspect the file system and project history.
  - Evidence: Utilizes `python3 -c` one-liners to parse and extract specific fields from `package.json` and `tsconfig.json` files.
- [PROMPT_INJECTION]: The skill contains an indirect prompt injection surface because it reads external project files and interpolates their content into an internal prompt used to generate plans.
  - Ingestion points: Reads content from `README.md`, `package.json`, `CLAUDE.md`, and arbitrary source files discovered during the research phase.
  - Boundary markers: While the skill uses structured prompt templates and optional XML tags for context, it lacks specific instructions for the AI to ignore instructions found within the ingested data.
  - Capability inventory: The skill can execute shell commands for discovery, read/write files (such as `plan.md`), and interact with the session workspace's SQL `todos` table.
  - Sanitization: No sanitization or validation is performed on the data read from files before it is processed by the AI to create the implementation plan.
Audit Metadata