structured-autonomy-generate
Pass
Audited by Gen Agent Trust Hub on Feb 25, 2026
Risk Level: SAFEPROMPT_INJECTIONEXTERNAL_DOWNLOADS
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection through input plan files.\n
- Ingestion points: The agent reads instructions from
plans/{feature-name}/plan.mdto drive the generation process.\n - Boundary markers: There are no explicit delimiters or instructions to ignore nested commands within the plan file content.\n
- Capability inventory: The skill performs codebase research using
runSubagentand writes output toplans/{feature-name}/implementation.md.\n - Sanitization: No sanitization or verification of the plan file content is performed before processing.\n- [EXTERNAL_DOWNLOADS]: The skill's research task includes fetching official documentation for major libraries and frameworks. This is a standard procedure for gathering API specifications from well-known and trusted technology services.
Audit Metadata