check-plan
Pass
Audited by Gen Agent Trust Hub on Feb 27, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill uses shell commands including
git status,git diff,grep, andlsto analyze the project repository. It also runs local build and validation scripts such asnpm run build,npm run lint, andtsc. These operations are performed within the local workspace context to verify the state of the code and are standard for a technical audit tool. - [PROMPT_INJECTION]: The skill presents an indirect prompt injection surface as it is designed to ingest and process text from external sources like GitHub issue descriptions.
- Ingestion points: Data retrieved via
gh issue view <number>and text from user-defined plan files in the.plans/directory. - Boundary markers: There are no explicit delimiters or specific instructions for the agent to ignore potentially malicious content within the ingested issue text.
- Capability inventory: The skill possesses the ability to execute bash commands and perform file system read/write operations.
- Sanitization: No explicit sanitization or validation of the external content is defined before it is analyzed for requirements.
Audit Metadata