audit-plan
Pass
Audited by Gen Agent Trust Hub on Mar 14, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill presents an indirect prompt injection surface as it is designed to ingest and analyze untrusted implementation plan files. This is inherent to its primary purpose of auditing plans.\n
- Ingestion points: Processes plan.md and phase-*.md files during Step 1 and Step 2.\n
- Boundary markers: Absent; instructions do not specify the use of delimiters for user content.\n
- Capability inventory: The skill utilizes tools such as Bash, Write, and Edit to perform its tasks.\n
- Sanitization: Content from analyzed files is processed directly without sanitization.\n- [COMMAND_EXECUTION]: The skill executes a local validation script using the uv run tool to check for placeholders in plan files.\n
- Evidence: uv run $CLAUDE_PROJECT_DIR/.claude/hooks/validators/validate_no_placeholders.py found in the Step 2 instructions.
Audit Metadata