project-planner
Fail
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: HIGH
EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- Unverifiable Dependencies & Remote Code Execution (HIGH): The skill documentation (README.md) instructs users to execute Python scripts (generate_project_docs.py and validate_documents.py) that are not provided in the skill package, requiring users to fetch and run unvetted code from an untrusted source.
- External Downloads (HIGH): Automated scanners (URLite) flagged a confirmed malicious URL associated with the skill artifact 'requirements.md', which is referenced in the execution instructions. The repository (adrianpuiu/claude-skills-marketplace) is not on the Trusted External Sources list.
- Indirect Prompt Injection (LOW): Surface vulnerability detected. (1) Ingestion: Untrusted user input for project names and features via README.md command examples. (2) Boundary markers: Absent in assets/requirements-template.md. (3) Capability inventory: Filesystem write access via generation scripts. (4) Sanitization: No sanitization or validation of interpolated project data is present.
Recommendations
- AI detected serious security threats
- Contains 1 malicious URL(s) - DO NOT USE
Audit Metadata