create-a-plan
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [Indirect Prompt Injection] (LOW): The skill processes user-provided files (e.g., SPEC.md, PLAN.md) to extract project goals and constraints, which acts as an ingestion surface for untrusted data.
- Ingestion points: Phase 0 reads file paths provided by the user.
- Boundary markers: Absent; the skill does not use explicit delimiters or instructions to ignore embedded prompts within the source files.
- Capability inventory: The skill identifies verification commands to be written into PLAN.md and uses conversational tools like AskUserQuestion; it does not possess direct subprocess or network execution capabilities.
- Sanitization: The skill does not perform sanitization or validation on the content of the ingested files before incorporating the information into the planning process.
Audit Metadata