pageplan
Pass
Audited by Gen Agent Trust Hub on Mar 9, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it incorporates untrusted data from user-provided context files and project documents into its plan generation logic.
- Ingestion points: User-specified files (prefixed with '@') and project files such as proposal.md and tasks.md are read in 'references/generation-steps.md'.
- Boundary markers: There are no explicit instructions or delimiters used to separate user-provided data from system instructions.
- Capability inventory: The agent is granted the 'Read', 'Write', 'Glob', and 'Grep' tools to perform its tasks.
- Sanitization: No validation or sanitization is performed on the content of the ingested files to prevent embedded instructions from influencing the agent's behavior.
- [SAFE]: No evidence of direct prompt injection, credential exposure, or malicious command execution was found. The skill operates without network access, preventing any potential for data exfiltration.
Audit Metadata