planner
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [Indirect Prompt Injection] (LOW): The skill is susceptible to indirect prompt injection through the files it reads to generate implementation plans.
- Ingestion points: Reads
SPEC.mdandsurvey.mdfrom the project root. - Boundary markers: Absent. The skill does not define specific delimiters or instructions to ignore embedded commands within the read files.
- Capability inventory: The skill has the capability to read local files and write a new file (
plan.md) to the project root. - Sanitization: Absent. There is no evidence of validation or escaping for the content processed from external files.
Audit Metadata