tech-planner
Warn
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: MEDIUM (PROMPT_INJECTION, COMMAND_EXECUTION)
Full Analysis
- PROMPT_INJECTION (MEDIUM): The skill is vulnerable to Indirect Prompt Injection (Category 8) because it ingests untrusted data from technical specifications and uses it to perform file-writing operations.
  * Ingestion points: Technical spec file read from user-specified path in SKILL.md.
  * Boundary markers: Absent; no delimiters are used to wrap the untrusted content.
  * Capability inventory: File system read (spec file, directory listing of docs/adr/) and file system write (tech.md, ADR markdown files).
  * Sanitization: Absent; the agent is not instructed to sanitize or validate the content or the 'feature-name' variable used in paths.
- COMMAND_EXECUTION (LOW): The skill performs file system operations including reading and writing files. The 'feature-name' extracted from untrusted specs is used to construct file paths, which could lead to path traversal if the agent lacks environment-level protections.