planning-tasks
Pass
Audited by Gen Agent Trust Hub on Feb 21, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- PROMPT_INJECTION (LOW): Vulnerable to Indirect Prompt Injection via untrusted input files.
- Ingestion points: The skill reads design.md and definition.md from directories that may be influenced by external contributors.
- Boundary markers: Absent. No delimiters or specific instructions are provided to the agent to treat the input as untrusted data or ignore embedded instructions.
- Capability inventory: The skill has the capability to read any file in the codebase and write to the filesystem. It specifically generates validation commands meant for direct execution by downstream agents.
- Sanitization: Absent. There is no mechanism to validate or escape malicious content that might be present in the source design documents, which could lead to the generation of harmful execution commands.
Audit Metadata