work-plan
Pass
Audited by Gen Agent Trust Hub on Mar 29, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill executes `git branch --show-current` to automatically determine the active feature context from the local environment.
- [DATA_EXPOSURE]: Reads project-specific metadata from files such as `tasks.md`, `spec.md`, and test specifications. These operations are limited to the local repository and are consistent with the skill's primary purpose of tracking feature development.
- [PROMPT_INJECTION]: The skill has an indirect prompt injection surface as it ingests untrusted data from project files.
  - Ingestion points: Reads `{feature-path}/tasks.md`, `{feature-path}/spec.md`, and `specs/tests/{feature-id}.md` in `SKILL.md` (Step 2).
  - Boundary markers: None present; the skill treats file content as trusted input for parsing.
  - Capability inventory: The skill has the ability to write files (`work-plan.md`) and suggest commands for implementation, but it does not execute these implementation commands automatically.
  - Sanitization: No specific sanitization or escaping of file content is performed prior to interpolation into the output template.
  - Assessment: Since the skill's primary purpose is to process these files for project management and the results are presented to the user for review, the severity is minimal.
Audit Metadata