my-plan
Pass
Audited by Gen Agent Trust Hub on Feb 25, 2026
Risk Level: SAFE PROMPT_INJECTION COMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill is subject to indirect prompt injection (Category 8) because it processes untrusted project content.
  - Ingestion points: The `Explore` subagent reads project-specific files including `README.md`, configuration files, error logs, and recent `git` activity to gather context.
  - Boundary markers: The skill lacks explicit delimiters or specific instructions for the agent to disregard natural language instructions found within the analyzed files.
  - Capability inventory: The skill has the authority to write files (`docs/plans/`), track progress via `TodoWrite`, and spawn additional subtasks.
  - Sanitization: Content retrieved from the file system is not sanitized or escaped before being synthesized into the context summary used for plan generation.
- [COMMAND_EXECUTION]: The skill uses a subagent to execute local discovery operations, including `git status` and file structure examination. These actions are performed to build the implementation context and are consistent with the skill's stated purpose.