planning
Pass
Audited by Gen Agent Trust Hub on Feb 27, 2026
Risk Level: SAFE (PROMPT_INJECTION, NO_CODE)
Full Analysis
- [NO_CODE]: The skill is entirely composed of markdown-based instructions, guidelines, and templates. It does not include any scripts, compiled binaries, or remote dependencies.
- [PROMPT_INJECTION]: The design of the skill involves the agent reading and writing project context to local files (e.g., task_plan.md, findings.md) based on external inputs. This creates a surface for indirect prompt injection where malicious instructions in analyzed content could be persisted and later influence agent decisions.
  - Ingestion points: The agent reads task_plan.md, findings.md, and progress.md; external files and research data are used to populate these.
  - Boundary markers: The templates use standard markdown headers and tables.
  - Capability inventory: The agent utilizing this skill has file system access and potentially broader execution capabilities.
  - Sanitization: No explicit sanitization or instruction to ignore embedded directives in external content is present.
Audit Metadata