skills/goffity/planner-skills/planner/Gen Agent Trust Hub

planner

Pass

Audited by Gen Agent Trust Hub on Mar 18, 2026

Risk Level: SAFE
COMMAND_EXECUTION, CREDENTIALS_UNSAFE, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes local shell commands including git rev-parse, git diff, ls, and grep to analyze the repository state and project structure. It also utilizes the gh (GitHub) CLI for issue synchronization.
  • [CREDENTIALS_UNSAFE]: To facilitate automated Jira updates, the skill sources JIRA_EMAIL and JIRA_API_TOKEN from local configuration files at .jira-config or ~/.config/claude-km/jira.conf. These credentials are used for authenticated requests to the user's Jira instance.
  • [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface by processing user-provided task descriptions, which are subsequently analyzed by a sub-agent.
      • Ingestion points: User-provided task/feature descriptions (SKILL.md).
      • Boundary markers: Absent.
      • Capability inventory: Local subprocess execution and network API calls (SKILL.md).
      • Sanitization: No explicit sanitization or filtering of task descriptions before sub-agent processing was identified.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 18, 2026, 03:44 AM