plan-hard
Pass
Audited by Gen Agent Trust Hub on Mar 27, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill implements a structured planning workflow that emphasizes documentation, user validation, and rigorous research.- [COMMAND_EXECUTION]: The skill executes a local configuration script (
node .claude/scripts/set-active-plan.cjs) to manage the active plan directory. This is part of its core functionality for state management.- [EXTERNAL_DOWNLOADS]: UsesWebSearchandWebFetchtools for legitimate market research and technology evaluation during the planning phase. No arbitrary remote code execution was detected.- [DATA_EXFILTRATION]: No patterns of sensitive data access (such as credentials) or exfiltration to unauthorized domains were found.- [PROMPT_INJECTION]: The skill uses strong instructional language to guide the agent's workflow but does not attempt to bypass safety filters or override system constraints.- [INDIRECT_PROMPT_INJECTION]: The skill reads external data from the web and project files, creating a surface for indirect instructions. However, it incorporates multiple human-in-the-loop checkpoints and validation steps (AskUserQuestion,/plan-review) to mitigate risks.
Audit Metadata