create-a-plan
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [Indirect Prompt Injection] (LOW): The skill is designed to ingest untrusted data from local files, creating a surface for indirect prompt injection.\n
- Ingestion points: Specifically reads files such as SPEC.md, PLAN.md, and RFC.md provided by the user.\n
- Boundary markers: No explicit delimiters or instructions are used to isolate content read from files from the agent's core instructions.\n
- Capability inventory: The skill is limited to technical interviewing and file writing (PLAN.md). It lacks high-risk capabilities like arbitrary shell execution or network access.\n
- Sanitization: No sanitization or verification of the content within the ingested files is performed.\n- [Data Exposure & Exfiltration] (SAFE): Analysis confirms the skill only accesses project-specific documentation and does not attempt to read sensitive system files or establish network connections.\n- [Remote Code Execution] (SAFE): No patterns for downloading or executing remote code were found.
Audit Metadata