plugin-planning
Pass
Audited by Gen Agent Trust Hub on Mar 1, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface by ingesting data from external files and passing it to a subagent via the Task tool.
- Ingestion points: The skill reads content from creative-brief.md, parameter-spec.md, and mockups/*.yaml files in the plugins/[Name]/.ideas/ directory.
- Boundary markers: No explicit delimiters or instructions to ignore embedded instructions within the ingested content are present in the dispatch pattern.
- Capability inventory: The agent has access to the Bash tool for shell commands, the Write and Edit tools for file modifications, the WebSearch tool for network access, and the Task tool for delegating tasks to other agents.
- Sanitization: No sanitization or validation of the input files is performed before they are interpolated into the prompt for the subagent.
- [COMMAND_EXECUTION]: The skill utilizes the Bash tool primarily for executing git commits and performing precondition checks, which are standard project management tasks.
- [EXTERNAL_DOWNLOADS]: The skill uses the WebSearch tool to conduct professional research on DSP architecture and plugin implementations, which is a legitimate and expected behavior for its stated purpose.
Audit Metadata