pr-plan
Pass
Audited by Gen Agent Trust Hub on Apr 6, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection through the processing of external research artifacts.
- Ingestion points: The skill processes output from a pr-research step, which likely contains data fetched from external, potentially untrusted, code repositories (SKILL.md).
- Boundary markers: The templates provided do not include specific boundary markers or instructions for the agent to ignore instructions embedded within the research data.
- Capability inventory: The skill has access to tools like Bash and Write, which could be misused if the agent obeys instructions found in the ingested data (SKILL.md).
- Sanitization: There is no evidence of input validation or sanitization for the research data before it is interpolated into the planning process.
Audit Metadata