planify
Pass
Audited by Gen Agent Trust Hub on Mar 12, 2026
Risk Level: SAFE
Full Analysis
- [PROMPT_INJECTION]: The instructions include a directive for the agent to 'forget previous context' when executing tasks. In this specific use case, this is a functional design pattern intended to ensure task atomicity and prevent context-window pollution, rather than an attempt to bypass safety guardrails.
- [INDIRECT_PROMPT_INJECTION]: The skill possesses the capability to modify the instructions (
SKILL.md) of other skills within the project. This is the primary intended function of the 'planify' tool. While this represents a high-privilege instruction-writing surface, the template provided inplanify-template.mdis focused solely on task management and does not contain malicious code. - [DATA_EXPOSURE]: The skill reads existing skill definition files and writes metadata to a local configuration directory (e.g.,
.claude/plan/). It does not access sensitive system paths, environment variables, or user credentials. - [PRIVILEGE_ESCALATION]: The skill modifies the project's
.gitignorefile to exclude its internal tracking directory and performs file deletions for 'old plan' cleanup. These actions are documented as part of its core functionality and do not attempt to gain unauthorized system permissions. - [COMMAND_EXECUTION]: The skill uses file-system operations (read, write, delete) to manage its state. No arbitrary shell command execution or external script invocation patterns were detected.
Audit Metadata