plan-week
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- [PROMPT_INJECTION] (SAFE): Indirect Prompt Injection Surface identified. The skill reads from local files which could contain untrusted instructions, but the risk is negligible as it lacks high-privilege capabilities.
- Ingestion points: tasks.md, ~/.researchAssistant/researcher_telos.md, .research/project_telos.md, and GitHub issues.
- Boundary markers: Absent. The skill does not instruct the agent to use delimiters for external data.
- Capability inventory: File reading and writing to local project directories (.research/logs/weekly/). No network, shell execution, or credential access.
- Sanitization: Absent. Data from external files is used directly for text-based planning.
- [DATA_EXFILTRATION] (SAFE): No network operations (curl, wget, etc.) were detected; data remains local to the system.
- [COMMAND_EXECUTION] (SAFE): No shell commands, script execution, or privilege escalation patterns were found.
Audit Metadata