platonic-workflow
Pass
Audited by Gen Agent Trust Hub on Mar 8, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill implements a coordinated four-phase development process. No patterns of prompt injection, role-play bypass, or safety guideline overrides were detected.
- [SAFE]: File system interactions are restricted to local documentation directories (
docs/drafts/,docs/specs/,docs/impl/) and the project codebase. No network operations, credential exposures, or sensitive file access (e.g., SSH keys, AWS config) occur. - [SAFE]: The skill manages internal dependencies within the vendor ecosystem (platonic-specs, platonic-impl, platonic-code-review) for code generation and review. These are well-scoped and do not involve remote code execution from untrusted sources.
- [SAFE]: The skill has an indirect prompt injection surface (Category 8) because it processes local documentation to influence code generation. (1) Ingestion points:
docs/drafts/,docs/specs/, and the codebase. (2) Boundary markers: Not explicitly defined. (3) Capability inventory: Code generation and file-writing via internal skills. (4) Sanitization: Not explicitly present in the workflow. This surface is standard for local development tools and is mitigated by the structured process and user confirmation gates.
Audit Metadata