plan-review
Pass
Audited by Gen Agent Trust Hub on Mar 17, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it processes content from untrusted documents found in the workspace.
- Ingestion points: Reads implementation plans, design documents, and specifications (e.g.,
*plan*.md,*design*.md) from the workspace. - Boundary markers: The instructions do not define specific delimiters or instructions to ignore embedded commands within the processed plans.
- Capability inventory: The skill uses file-read capabilities to verify references and inspect plan content.
- Sanitization: No sanitization or validation of the plan content is performed before the agent processes it for review.
Audit Metadata