team-planex
Pass
Audited by Gen Agent Trust Hub on Mar 8, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill uses the Bash tool across its worker roles to interact with the development environment. The executor role uses it to perform git commits and update issue statuses via the 'ccw' CLI. Both the planner and executor roles leverage the 'ccw' CLI tool for complex tasks like requirement analysis and code implementation.
- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface (Category 8) due to the processing of external user requirements.
- Ingestion points: Raw user input is accepted via arguments to the coordinator and processed in the planner role through text blocks or plan files.
- Boundary markers: No explicit delimiters or 'ignore' instructions are used to wrap user-provided data when it is interpolated into prompts for worker agents or the 'ccw' tool.
- Capability inventory: The agents possess powerful capabilities including Bash execution, agent spawning, and file system modifications (Write/Edit).
- Sanitization: The skill does not implement sanitization or validation of external input before it is used to drive agent actions.
Audit Metadata