planning-validate
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION] (LOW): Indirect Prompt Injection Surface. The skill ingests and evaluates data from multiple external project documents, which could be used to deliver hidden instructions to the agent. * Ingestion points:
spec.md,plan.md,data-model.md, and thecontracts/directory. * Boundary markers: Absent; the skill does not define clear delimiters or specific instructions to ignore embedded commands within the analyzed artifacts. * Capability inventory: File system read access and output generation based on the analysis of text content. * Sanitization: Absent; there is no mention of content filtering, escaping, or schema validation for the ingested markdown files. - [DATA_EXFILTRATION] (SAFE): While the skill reads sensitive planning documents, no patterns of network transmission or data exfiltration were detected in the provided documentation.
- [EXTERNAL_DOWNLOADS] (SAFE): The skill mentions an external dependency (
check-prerequisites.sh) and a repository for context, but these are presented as installation requirements rather than hidden runtime code execution or unauthorized downloads.
Audit Metadata