sprint-planner
Pass
Audited by Gen Agent Trust Hub on Feb 20, 2026
Risk Level: SAFENO_CODEPROMPT_INJECTION
Full Analysis
- No Code (SAFE): The skill consists exclusively of Markdown documentation and YAML templates. There are no scripts, binaries, or installation procedures that could execute malicious logic on a host system.
- Indirect Prompt Injection (LOW): The skill is designed to ingest and process external plans to generate sprint definitions, which introduces an indirect injection surface.
- Ingestion points: The workflow in SKILL.md reads untrusted plan data from the $ARGUMENTS variable or user descriptions.
- Boundary markers: The skill lacks explicit boundary markers or instructions to the agent to disregard instructions embedded within the ingested plan data.
- Capability inventory: While the planner skill itself only generates text, the workflow it defines for the agent includes high-privilege capabilities such as running build commands, git operations, and potentially making network requests (as seen in the example success metrics).
- Sanitization: There is no mechanism within the skill to sanitize or validate the content of the plan before it is processed by the agent.
Audit Metadata