Skills
skills/endorhq/flightplanner/flightplanner/Gen Agent Trust Hub

flightplanner

Pass

Audited by Gen Agent Trust Hub on Mar 13, 2026

Risk Level: SAFECOMMAND_EXECUTIONREMOTE_CODE_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill performs extensive command execution, including running CLI tools, starting background servers, and executing git commands as part of the testing lifecycle.
  • [REMOTE_CODE_EXECUTION]: The skill generates executable shell scripts at runtime for 'PATH-based mocking' and executes them. This dynamic code generation and execution is a core feature used to simulate external dependencies.
  • [PROMPT_INJECTION]: The skill's 'spec-driven' architecture creates an attack surface where instructions embedded in untrusted E2E_TESTS.md files or project source code could influence the generated test code.
  • Ingestion points: E2E_TESTS.md files and project source code (analyzed via fp-init and fp-update-spec).
  • Boundary markers: Uses markdown headings and HTML comments for structure, but lacks explicit security boundaries to prevent instruction leakage from specifications to the code generator.
  • Capability inventory: Includes file system writes, process execution (runCommand), permission changes (makeExecutable), and network access via curl for verification.
  • Sanitization: No mention of sanitization or validation of specification content prior to code generation.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 13, 2026, 09:22 AM