plan-writing
Pass
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: LOW
Full Analysis
- SAFE (SAFE): No security threats detected. The skill consists of instructional content for planning and organizing tasks. It utilizes read-only tools (Read, Glob, Grep) which pose no risk of data modification or exfiltration.
- INDIRECT_PROMPT_INJECTION (LOW): The skill instructs the agent to create plan files in the project root based on a 'task-slug'. If an agent uses unsanitized external input as a task name, it could potentially lead to path traversal attempts, although the skill itself does not possess the tools to perform write operations.
- ENVIRONMENT_DEPENDENCY (INFO): The skill references external scripts like 'security_scan.py' for task verification. These are mentioned as examples of project-specific tools the agent should look for or include in its plan, rather than scripts provided or executed by the skill itself.
Audit Metadata