claude-planner
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE, PROMPT_INJECTION
Full Analysis
- Indirect Prompt Injection (LOW): The script 'scripts/plan.sh' ingests untrusted data from user-specified files or stdin and pipes it directly into the 'claude' CLI tool. This creates a potential surface where malicious instructions embedded in the planning question could influence the behavior of the underlying LLM agent.
  - Ingestion points: The 'QUESTION_FILE' argument in 'scripts/plan.sh'.
  - Boundary markers: Absent; the script does not use delimiters or warnings to isolate the untrusted question text.
  - Capability inventory: The 'claude' CLI (using Opus 4.5) is a high-capability agentic tool that can explore repositories and design implementation strategies.
  - Sanitization: Absent; the input text is passed as-is to the external process.
- External Dependencies (SAFE): The skill requires a pre-installed 'claude' binary and does not perform any dynamic downloads or installations from untrusted sources at runtime.