planning
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH
Findings: PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION] (HIGH): High risk of Indirect Prompt Injection.
  1. Ingestion points: The skill reads external reports (researcher-XX-report.md, scout-XX-report.md), codebase documentation, and development rules.
  2. Boundary markers: None present to distinguish instructions from data.
  3. Capability inventory: The skill can write files to the 'plans/' directory and execute local scripts via Node.js.
  4. Sanitization: No sanitization or filtering of ingested report content is implemented.
- [COMMAND_EXECUTION] (MEDIUM): The skill executes a local script '.claude/scripts/set-active-plan.cjs' using Node.js. If the '{plan-dir}' argument is derived from untrusted user input or malicious content in ingested reports, it may be subject to argument injection or path traversal.
Recommendations
- AI detected serious security threats
Audit Metadata