planning-doc

Pass

Audited by Gen Agent Trust Hub on Mar 13, 2026

Risk Level: SAFE
Finding categories: PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The skill instructions require the agent to execute a command provided in the Validate: field of the PLAN.md file. This creates an indirect prompt injection surface where the agent might obey instructions embedded in data.
  • Ingestion points: The agent retrieves data from PLAN.md located in the docs/plans/ directory using the Read or Grep tools.
  • Boundary markers: No boundary markers or explicit instructions to ignore nested commands are provided in the skill instructions.
  • Capability inventory: The agent has access to Bash (restricted to git commands), Read, Glob, and Grep tools.
  • Sanitization: The skill does not implement sanitization for the extracted validation command string before it is passed to the shell.
  • [COMMAND_EXECUTION]: The skill relies on executing shell commands to manage git state, detect drift, and validate task completion. While these are necessary for the skill's purpose, the execution of dynamic content from files increases the overall attack surface.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Mar 13, 2026, 07:26 AM