plot
Pass
Audited by Gen Agent Trust Hub on Mar 8, 2026
Risk Level: SAFECOMMAND_EXECUTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes local bash scripts (
plot-pr-state.sh,plot-impl-status.sh,plot-review-status.sh) to automate git and GitHub CLI operations. These scripts use double-quoting for all shell variables and employ strict regular expressions (e.g.,grep -oE '#[0-9]+'andgrep -oE 'status: [a-z-]+') to sanitize data extracted from markdown files before it is passed to commands, preventing potential injection attacks. - [PROMPT_INJECTION]: The skill possesses an indirect prompt injection surface as it reads and processes project-internal markdown files (
docs/plans/,docs/sprints/). While these files could contain malicious instructions from repository contributors, the skill's scripts implement structural validation of parsed fields, and the workflow is designed for user-supervised project management. - Ingestion points:
scripts/plot-review-status.shparses sprint files;scripts/plot-impl-status.shparses plan files. - Boundary markers: None. Data is parsed from standard Markdown files.
- Capability inventory: Pull request management (merging, status checks), branch creation, and git pushes via
ghandgitCLI tools. - Sanitization: Regular expressions are used to ensure only specific characters (digits, hyphens, alphanumeric slugs) are extracted from files for use in shell commands.
- [SAFE]: No hardcoded credentials, sensitive file path access, or unauthorized network operations were detected. All external interaction is conducted through well-known, trusted tools (GitHub CLI) targeting the official GitHub service.
- [SAFE]: No obfuscation techniques, such as Base64 encoding of commands, zero-width characters, or homoglyphs, are present in the skill's files or helper scripts.
Audit Metadata