workflow-plan-phases

Pass

Audited by Gen Agent Trust Hub on Feb 28, 2026

Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill exhibits a potential surface for indirect prompt injection by processing untrusted user input from the description argument and writing it to local markdown files. This could allow malicious instructions to be passed through to downstream implementation agents.
      • Ingestion points: User-provided description parameter in the command arguments of SKILL.md.
      • Boundary markers: The skill does not define delimiters or specific 'ignore' instructions for the interpolated user content.
      • Capability inventory: File-writing operations to the docs/plans/ directory.
      • Sanitization: No input validation, escaping, or sanitization is performed on the user-provided text.
Audit Metadata
Risk Level: SAFE
Analyzed: Feb 28, 2026, 12:48 PM