cto-plan-reviewer
Pass
Audited by Gen Agent Trust Hub on Mar 3, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill exhibits an attack surface for indirect prompt injection by processing external project files.
- Ingestion points: Technical plans and specifications are loaded from
plan.md,spec.md, andconductor/configuration files (SKILL.md, Step 1). - Boundary markers: The skill lacks explicit delimiters or instructions to the agent to ignore potential instructions embedded within the analyzed documents.
- Capability inventory: The skill's functionality is limited to reading local files and generating a markdown report; it lacks network access, shell execution privileges, or arbitrary file-write capabilities.
- Sanitization: There is no evidence of input validation or content filtering for the processed markdown files.
Audit Metadata