research-plan-implement

Pass

Audited by Gen Agent Trust Hub on Feb 23, 2026

Risk Level: SAFE
Full Analysis
  • [Indirect Prompt Injection] (SAFE): The skill processes untrusted codebase data which presents an injection surface. This finding is classified as SAFE as it is inherent to the skill's primary purpose of code research and implementation.
      1. Ingestion points: Phase 1 Research phase reads external codebase files via Explore sub-agents.
      2. Boundary markers: Uses markdown templates for findings but lacks explicit instructions to ignore embedded instructions in data.
      3. Capability inventory: Access to file reading and Bash execution for implementation.
      4. Sanitization: None present.
  • [Command Execution] (SAFE): The skill involves generating and executing code via Bash. This is a primary function for its software development use case and is subject to human review of the generated plan.
  • [Data Exposure] (SAFE): Codebase access is performed for local research context only, with no patterns suggesting exfiltration to external domains.
Audit Metadata
Risk Level: SAFE
Analyzed: Feb 23, 2026, 03:32 AM