plan-as-contract
Pass
Audited by Gen Agent Trust Hub on Feb 21, 2026
Risk Level: SAFEPROMPT_INJECTIONNO_CODE
Full Analysis
- Prompt Injection (SAFE): The instructions are benign and focus on operational safety and user approval gates.
- No Code (SAFE): No executable scripts or binary files are included with this skill.
- Indirect Prompt Injection (LOW): The skill interacts with untrusted data from the repository, creating a potential surface for injection.
- Ingestion points: Repository files accessed via ReadFileSearch(*).
- Boundary markers: None present in the instructions.
- Capability inventory: Restricted to ReadFileSearch(*); no write, network, or execution tools are available to the skill.
- Sanitization: No sanitization of file content is defined. The risk is minimized by the lack of powerful tools.
Audit Metadata