parallel-plan-feature
Pass
Audited by Gen Agent Trust Hub on Mar 12, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill has an indirect prompt injection surface because it processes untrusted content from the codebase and user arguments.
- Ingestion points: User-provided feature description ($ARGUMENTS) and project files (openspec/project.md, architecture.summary.json).
- Boundary markers: The instructions do not define explicit delimiters or instructions to ignore embedded instructions in the ingested content.
- Capability inventory: The skill can execute git commands, local scripts, and register resource claims via the coordinator.
- Sanitization: No input sanitization or validation of the content being processed into proposals is specified.
- [COMMAND_EXECUTION]: The skill executes local git commands (git pull, git status) and runs specific validation scripts (scripts/validate_work_packages.py, scripts/parallel_zones.py) within the project's repository. These operations are within the expected behavior of the skill.
- [SAFE]: No remote code execution from unknown sources, hardcoded credentials, data exfiltration to external domains, or persistence mechanisms were detected. The scripts being executed are local vendor resources.
Audit Metadata