create-plan
Pass
Audited by Gen Agent Trust Hub on Mar 10, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is designed to read and follow conventions from external files such as 'AGENTS.md' and files within '.chalk/.cursor/plans/'. This creates an indirect prompt injection surface where a malicious actor who can modify these files could potentially influence the agent's output or behavior during the plan creation process.
- Ingestion points: Reads from 'AGENTS.md' and the '.chalk/.cursor/plans/' directory.
- Boundary markers: None specified in the instructions to distinguish between trusted instructions and data from these files.
- Capability inventory: Uses 'Read', 'Glob', and 'Write' tools to manipulate the file system.
- Sanitization: No evidence of sanitization or validation of the content retrieved from these external files.
Audit Metadata