plan-self-review
Pass
Audited by Gen Agent Trust Hub on Mar 4, 2026
Risk Level: SAFEPROMPT_INJECTIONNO_CODE
Full Analysis
- [PROMPT_INJECTION]: The skill processes project plans and design documents for refinement, which presents a surface for indirect prompt injection. 1. Ingestion points: Reads output from CreatePlan and contents of DESIGN.md/docs/design.md. 2. Boundary markers: No delimiters or warnings to ignore instructions within the processed files are specified. 3. Capability inventory: Instructions require the agent to edit local project documentation. 4. Sanitization: No explicit validation or sanitization of the plan content is performed.
- [NO_CODE]: The skill consists entirely of markdown instructions and contains no executable scripts or logic.
- [SAFE]: No active malicious patterns, remote downloads, or credential exposures were detected in the skill's instructions.
Audit Metadata