Skills
skills/jellydn/my-ai-tools/plannotator-review/Gen Agent Trust Hub

plannotator-review

Pass

Audited by Gen Agent Trust Hub on Feb 27, 2026

Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes the plannotator review command in the shell. This is the primary functionality of the skill and is considered safe as it utilizes the author's own tool.
  • [PROMPT_INJECTION]: The skill presents an attack surface for indirect prompt injection because it processes feedback from an external source.
  • Ingestion points: The agent ingests data from annotations and comments provided through the Plannotator UI as described in the process section of SKILL.md.
  • Boundary markers: There are no delimiters or instructions provided to the agent to help it distinguish between data and potentially malicious instructions within the feedback.
  • Capability inventory: The skill has the capability to execute shell commands via the plannotator utility.
  • Sanitization: There is no evidence of input validation or sanitization for the review comments before they are handled by the agent.
Audit Metadata
Risk Level
SAFE
Analyzed
Feb 27, 2026, 07:44 AM