planner
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE PROMPT_INJECTION EXTERNAL_DOWNLOADS
Full Analysis
- Indirect Prompt Injection (LOW): The skill transforms untrusted project requirements into structured plans meant for execution by high-privilege skills like 'task-orchestrator'. This creates a multi-step injection chain risk.
  - Ingestion points: Project requirements and codebase context during Phase 1 & 2.
  - Boundary markers: No explicit delimiters or instructions to ignore embedded malicious text are defined in the template.
  - Capability inventory: The generated output is consumed by the 'task-orchestrator' skill, which typically performs file system modifications and shell execution.
  - Sanitization: No sanitization or validation of the input requirements is performed before they are interpolated into the plan.
- External Downloads (LOW): The documentation explicitly references and depends on external files (prompts/planner.md, prompts/parallel-task.md) derived from an untrusted GitHub repository (am-will/codex-skills). References to untrusted sources increase the risk of importing malicious logic.