cc-cursor-cc
Pass
Audited by Gen Agent Trust Hub on Mar 3, 2026
Risk Level: SAFE
PROMPT_INJECTION, NO_CODE
Full Analysis
- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface through its processing of conversation history.
  - Ingestion points: Conversation context extracted in Step 1 (Goal, tech choices, etc.) from SKILL.md.
  - Boundary markers: The templates provided in the skill do not use delimiters or instructions to prevent the agent from obeying instructions embedded in the extracted data.
  - Capability inventory: The skill requests Read, Write, Edit, and Bash tools, which could be leveraged if an injection occurs.
  - Sanitization: No sanitization or content validation is implemented for the data interpolated into Plans.md or the validation request.
- [NO_CODE]: The skill consists entirely of markdown instructions and templates for the AI agent and does not include any standalone scripts or executable files.