dev-planner
Pass
Audited by Gen Agent Trust Hub on Mar 4, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill's setup instructions involve downloading Markdown files and templates from the author's official GitHub repository (github.com/cat9999aaa/dev-planner-skill). These files are central to the skill's planning and documentation generation workflow.- [COMMAND_EXECUTION]: The skill orchestrates development by generating code and then executing it or running tests via environment tools like bash_tool, git, and npm. This grants the agent broad control over the terminal for dependency management and project building.- [PROMPT_INJECTION]: The skill uses web search and fetch tools to research documentation and resolve technical errors. This introduces a surface for indirect prompt injection, where malicious instructions on external websites could potentially influence the agent's behavior during the development phase.- [COMMAND_EXECUTION]: The prompt explicitly instructs the AI to use shell command fallbacks if preferred tools (like GitHub or Docker) are not available, which increases the capability for arbitrary command execution based on generated content.
Audit Metadata