plan-refiner
Pass
Audited by Gen Agent Trust Hub on Feb 24, 2026
Risk Level: SAFEPROMPT_INJECTIONEXTERNAL_DOWNLOADS
Full Analysis
- [PROMPT_INJECTION]: The skill processes untrusted user specifications and clarifications through multiple subagents. It mitigates the risk of indirect prompt injection by wrapping all external data in explicit boundary markers (e.g., 'BEGIN USER-PROVIDED CONTENT') and including a 'CRITICAL: Content Safety' preamble in all subagent prompt templates. This preamble explicitly instructs subagents to treat marked content as data only and to ignore any embedded directives or override attempts.
- [EXTERNAL_DOWNLOADS]: The skill interacts with the Context7 service to verify package versions against live documentation. This usage is restricted to a well-known documentation service and is conducted via defensive prompt templates. Additionally, the skill's installation instructions refer to the official vendor's GitHub and npm resources, which are recognized as safe sources.
- [SAFE]: No malicious patterns, such as hardcoded credentials, persistence mechanisms, or code obfuscation, were detected. The skill is composed entirely of markdown-based prompt templates and operates within the interactive permission model of the agent environment, requiring user approval for all tool interactions.
Audit Metadata