create-a-plan
Pass
Audited by Gen Agent Trust Hub on Mar 10, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it processes untrusted user-provided content (specs, descriptions, or feature requests) without explicit boundary markers or instructions to ignore embedded commands. If a processed file contains malicious instructions, the agent might follow them during the planning process.
  - Ingestion points: User-provided descriptions or file paths (e.g., SPEC.md, PLAN.md, RFC.md) in Phase 0 and Phase 4.
  - Boundary markers: Absent; the instructions do not differentiate between system instructions and content within provided spec files.
  - Capability inventory: File system read access for specs and write access for PLAN.md, plus user interaction tools.
  - Sanitization: Absent; the skill does not validate or sanitize input content.