planning-workflow
Pass
Audited by Gen Agent Trust Hub on May 6, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill provides structured templates and instructions for a software development planning workflow. It does not include executable scripts, network operations, or access to sensitive system resources.
- [DATA_EXPOSURE]: The skill defines file paths for artifacts within a .opencode/ directory relative to the worktree root. This is a standard practice for project-specific metadata and does not expose sensitive user data like SSH keys or environment secrets.
- [INDIRECT_PROMPT_INJECTION]: The templates are designed to ingest content from previous workflow artifacts (e.g., a Plan reading a Design Concept). While this creates a theoretical surface for indirect prompt injection, the skill lacks the necessary tool access (like shell execution or network calls) to turn such an injection into a functional exploit.
- Ingestion points: templates/design-concept.md, templates/outline.md, templates/plan.md, and templates/iterate.md all read from previously generated artifacts in the .opencode/ directory.
- Boundary markers: The templates do not define explicit boundary markers to segregate ingested content from instructions.
- Capability inventory: No subprocess calls, network operations, or sensitive file writes are present in any files.
- Sanitization: No explicit sanitization of ingested content is performed.
Audit Metadata