plan-prep
Pass
Audited by Gen Agent Trust Hub on Mar 24, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [SAFE]: The skill documents procedural use of internal search tools (
search,code_search,read_document). It contains no executable code, no unauthorized network requests, and no attempts to access sensitive system credentials.\n- [PROMPT_INJECTION]: The skill is subject to an indirect prompt injection surface because it reads and processes data from external sources (enterprise documents and code repositories).\n - Ingestion points: Data retrieved through
search,code_search, andread_documenttools as described in SKILL.md.\n - Boundary markers: Absent; the instructions do not define specific delimiters to wrap or identify potentially untrusted document content.\n
- Capability inventory: The skill uses tools for reading enterprise data; it does not contain capabilities for arbitrary command execution, file system modifications, or data exfiltration.\n
- Sanitization: Absent; the workflow does not include instructions for the agent to sanitize or validate the content of the documents it reads before synthesis.
Audit Metadata