plot-approve
Pass
Audited by Gen Agent Trust Hub on Mar 8, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill performs multiple Git and GitHub CLI operations to automate the approval and branch creation workflow.\n
- Evidence: Executes
git checkout,git push,gh pr merge, andgh pr createas detailed in Steps 3, 4, 5, and 7 ofSKILL.md.\n - External Dependency: The skill relies on an external shell script
../plot/scripts/plot-pr-state.sh. This is a vendor-provided tool that is part of the author's broader workflow.\n- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it executes shell commands using data extracted from project files.\n - Ingestion points: Branch names and descriptions are parsed from the
## Branchessection of plan files indocs/plans/active/(Step 4).\n - Boundary markers: No explicit boundary markers or instructions to ignore embedded instructions are used when processing the plan file content.\n
- Capability inventory: The extracted strings are interpolated into
git checkout -bandgh pr create --titlecommands (Step 5).\n - Sanitization: There is no evidence of sanitization or escaping of shell meta-characters (e.g., backticks, quotes, semicolons) for the parsed strings before they are used in shell commands.
Audit Metadata