overseer-plan
Pass
Audited by Gen Agent Trust Hub on Mar 3, 2026
Risk Level: SAFE
COMMAND_EXECUTION PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill generates and executes JavaScript code snippets to interact with the Overseer MCP API. It performs file system operations via the Read tool and interacts with local Version Control Systems (Git or Jujutsu) to create bookmarks and commit changes when starting or completing tasks through the tasks.start and tasks.complete methods.
- [PROMPT_INJECTION]: The skill possesses an attack surface for indirect prompt injection as it ingests and processes untrusted data from external markdown files to automate task creation and hierarchy breakdown.
  - Ingestion points: The agent reads the content of a markdown file provided as a path argument in the /overseer-plan command (referenced in implementation.md, Step 1).
  - Boundary markers: There are no explicit boundary markers or instructions provided to the agent to ignore embedded commands or instructions within the markdown file being parsed.
  - Capability inventory: The agent has the capability to create, update, search, and delete tasks in a local SQLite database, and perform VCS commands (commit, bookmark) through the provided task API.
  - Sanitization: The skill does not implement sanitization or validation for the content extracted from the markdown file before using it to define task descriptions or storing the full content in task context fields.
Audit Metadata