refine-plan

Pass

Audited by Gen Agent Trust Hub on Mar 1, 2026

Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it reads and processes project plan files, which are considered untrusted external data.
    • Ingestion points: The skill reads v1 plan files from the project root or the docs/ directory using the Read tool.
    • Boundary markers: There are no explicit delimiters or instructions provided to the agent to disregard potentially malicious commands embedded within the input plan files.
    • Capability inventory: The skill possesses the capability to search the filesystem (Glob, Grep) and write new files (Write), which could be leveraged if an injection is successful.
    • Sanitization: The instructions do not include steps to sanitize or validate the content of the input plan files before they are analyzed and used to generate the refined plan.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Mar 1, 2026, 08:06 PM