skills/eins78/plot/plot-sprint/Gen Agent Trust Hub

plot-sprint

Pass

Audited by Gen Agent Trust Hub on Mar 14, 2026

Risk Level: SAFE (flagged: COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
  • [COMMAND_EXECUTION]: The skill performs several command-line operations to manage the sprint lifecycle, including file system actions (mkdir, ln -s), shell command execution (date), and local script execution (skills/plot/scripts/plot-review-status.sh). It also performs Git operations such as add, commit, push, and rm directly on the main branch as part of its documented workflow.
  • [PROMPT_INJECTION]: The skill has an indirect prompt injection surface (Category 8) because it reads and processes external data from repository files.
      • Ingestion points: The skill reads sprint files (docs/sprints/.md) and referenced plan files (docs/plans/active/.md) to parse task checkboxes, MoSCoW priorities, and status annotations.
      • Boundary markers: Absent. The instructions do not define delimiters or specific warnings to ignore instructions that might be embedded in the processed Markdown files.
      • Capability inventory: The skill has capabilities to modify the file system, perform Git commits and pushes, and execute local shell scripts.
      • Sanitization: The skill uses basic parsing for slugs (trimmed, lowercase, hyphens only) and MoSCoW tiers, but does not perform deep sanitization of the content within the plan files it reads.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Mar 14, 2026, 04:46 PM