plans-management
Pass
Audited by Gen Agent Trust Hub on Feb 22, 2026
Risk Level: SAFE
Full Analysis
- General Security (SAFE): The skill and its references focus exclusively on the intended purpose of managing a markdown-based task list. No evidence of prompt injection or malicious overrides was found.
- Data Exposure & Exfiltration (SAFE): The skill does not access sensitive files (e.g., SSH keys, .env) and performs no network operations. It strictly interacts with project task files.
- Dynamic Execution & Remote Code (SAFE): While the skill contains logic for parsing flags (in 'parse-work-flags.md'), it does not execute arbitrary code or download external scripts. The pseudocode provided is for instructional logic and not for runtime execution.
- Indirect Prompt Injection Surface (SAFE): The skill ingests untrusted data from user prompts and the 'Plans.md' file itself. Although it lacks specific sanitization or boundary markers, the potential impact is limited to the modification of the task file, as the skill lacks high-privileged capabilities like shell access or network connectivity.
- Evidence Chain for Surface: (1) Ingestion points: Plans.md, user_prompt, feature_request. (2) Boundary markers: Absent. (3) Capability inventory: Read, Write, Edit tools. (4) Sanitization: Absent.