stage-plan
Pass
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: LOWPROMPT_INJECTIONNO_CODE
Full Analysis
- Indirect Prompt Injection (LOW): The skill is designed to ingest and process untrusted user data to generate planning documents. (1) Ingestion points: High-level or vague user requests (referenced in SKILL.md). (2) Boundary markers: Absent; there are no specified delimiters to separate untrusted content from the system instructions. (3) Capability inventory: The skill specifies 'Do NOT write any code' and contains no network, file-write, or subprocess capabilities. (4) Sanitization: No sanitization or validation of input data is performed.
- No Code (SAFE): The skill includes strict rules against code generation and architecture design, which serves as a control against most high-severity attack vectors in agent skills.
Audit Metadata