sprint-planning

Pass

Audited by Gen Agent Trust Hub on Mar 24, 2026

Risk Level: SAFE
COMMAND_EXECUTION · PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill provides instructions to execute a local Python script (generate_schematic.py) using the Bash tool to create visual diagrams. This script is part of the project environment's skill structure.
  • [PROMPT_INJECTION]: The skill contains an indirect prompt injection surface through the diagram generation command. It instructs the agent to pass a user-supplied "diagram description" directly into a shell command. If the input contains shell metacharacters and the agent does not perform sanitization, it could lead to unintended command execution.
    • Ingestion points: The text provided as a "diagram description" in SKILL.md.
    • Boundary markers: The example uses double quotes around the description, which offers limited protection against shell-level injection.
    • Capability inventory: The skill has access to the Bash tool for local script execution.
    • Sanitization: No explicit sanitization or validation steps are defined in the instructions for the agent.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Mar 24, 2026, 11:16 AM