create-plans
Warn
Audited by Gen Agent Trust Hub on Mar 4, 2026
Risk Level: MEDIUMCOMMAND_EXECUTIONCREDENTIALS_UNSAFEPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill is designed to execute arbitrary shell commands as part of its 'Execute Phase' workflow. It utilizes command-line interfaces for various platforms (e.g., npm, vercel, gh, stripe, pscale) to perform tasks such as deployment, dependency installation, and infrastructure management.
- [CREDENTIALS_UNSAFE]: The 'Authentication Gates' logic in the CLI automation and execution workflows prompts the user to provide sensitive credentials, such as Stripe API secret keys, when an authentication error is detected. The agent then writes these secrets directly to local .env files.
- [COMMAND_EXECUTION]: The 'Deviation Rules' defined in the execution workflow authorize the agent to autonomously perform actions classified as 'Auto-fix bugs,' 'Auto-add missing critical,' or 'Auto-fix blockers' during the execution of a plan. These rules allow for code modifications and command executions without a mandatory user confirmation gate.
- [PROMPT_INJECTION]: The skill exhibits an attack surface for indirect prompt injection by ingesting and processing untrusted project data, including source code and previous planning artifacts (e.g., BRIEF.md, ROADMAP.md, and files in the src/ directory). This content is interpolated into execution prompts for subagents without explicit sanitization or strict boundary enforcement, potentially allowing malicious content within project files to influence agent behavior.
Audit Metadata