validating-plans
Pass
Audited by Gen Agent Trust Hub on Feb 26, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes bash commands and uses standard tools like
gitandghto manage plan files and repository interactions. These operations are scoped to the current project environment. - [EXTERNAL_DOWNLOADS]: The skill references the official GitHub CLI for issue creation. This targets well-known and trusted infrastructure.
- [DATA_EXFILTRATION]: The skill includes functionality to upload the content of implementation plans to GitHub as issues. While this transfers data externally, it is an intended part of the workflow and targets the repository associated with the current project context.
- [PROMPT_INJECTION]: The skill demonstrates an indirect prompt injection surface (Category 8) because it ingests external plan files for analysis by specialized sub-agents. * Ingestion points: Plan files located at user-defined paths (e.g.,
docs/plans/*.md). * Boundary markers: No explicit delimiters are used in sub-agent prompts to clearly separate instructions from the ingested plan content. * Capability inventory: File system access (read/write) and shell command execution viaghandgitCLIs. * Sanitization: No validation or sanitization of the plan file content is performed before processing.
Audit Metadata