plan-two
Pass
Audited by Gen Agent Trust Hub on Mar 24, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [SAFE]: The skill logic focus on planning, research, and documentation. It incorporates mandatory user review and validation steps (/plan-review and /plan-validate), ensuring that no actions are taken without oversight.- [PROMPT_INJECTION]: The skill exhibits an attack surface for indirect prompt injection by processing external task descriptions and searching the codebase.
- Ingestion points: User-provided task descriptions via the
$ARGUMENTSvariable and files identified by thescoutsubagent during codebase searches. - Boundary markers: The input is wrapped in
<task>delimiters to separate data from instructions. - Capability inventory: The skill can create directories, read workspace files, and manage tasks via the
TaskCreatetool. - Sanitization: No explicit sanitization or filtering of input content is performed prior to processing by subagents.
Audit Metadata