workflow-lite-planex

Pass

Audited by Gen Agent Trust Hub on Mar 3, 2026

Risk Level: SAFE
Findings: COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes arbitrary shell commands defined in the execution_directives column of the tasks.csv file. These commands are generated by an LLM during the planning phase and executed by sub-agents via the spawn_agents_on_csv tool.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection (Category 8). It performs a broad scan of the codebase (@**/*) and aggregates findings into a shared discovery board (discoveries.ndjson) and a prev_context field. This context is then used to prompt subsequent agents.
  • Ingestion points: The skill reads from the local file system (@**/*), discoveries.ndjson, and explore.csv.
  • Boundary markers: The instruction templates (buildExploreInstruction and buildExecuteInstruction) use markdown headers and horizontal rules to separate sections, but they lack explicit directives for the agent to ignore instructions embedded within the provided context.
  • Capability inventory: The skill and its sub-agents have access to powerful tools including Bash, Write, Edit, and spawn_agents_on_csv.
  • Sanitization: While the code uses csvEscape to ensure CSV integrity, there is no evidence of sanitization or filtering to prevent malicious instructions from the codebase from being treated as valid agent directives.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 3, 2026, 09:00 AM