validating-plans
Pass
Audited by Gen Agent Trust Hub on May 4, 2026
Risk Level: SAFE
Findings: PROMPT_INJECTION, DATA_EXFILTRATION, COMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection from implementation plan documents.
  - Ingestion points: The skill ingests plan files from the local filesystem and passes them to sub-agents for analysis.
  - Boundary markers: Not implemented. The prompts to the TDD, Reality Check, and Drift Detection agents include neither delimiters around the analyzed content nor instructions to ignore instructions embedded within it.
  - Capability inventory: The orchestrator has access to shell execution (bash), file modification (TodoWrite), and GitHub API interactions (gh CLI).
  - Sanitization: The skill does not sanitize the contents of the plan files before processing them or sending them to external tools.
- [DATA_EXFILTRATION]: Content from local files is uploaded to GitHub issues.
  - The skill reads the entire content of a user-specified file and uploads it to a GitHub repository.
  - Although the process requires user confirmation, it could lead to accidental data exposure if a sensitive file is targeted, or if a malicious plan file tricks the user into approving a remote submission.
- [COMMAND_EXECUTION]: Interaction with the system shell and GitHub CLI.
  - The skill uses bash scripts to verify the environment and to extract metadata from plan files for use in the gh CLI.
  - Although variables are quoted correctly in the documentation, passing untrusted file content into CLI arguments remains a potential surface for disruption.
Audit Metadata