plan-mode
Pass
Audited by Gen Agent Trust Hub on Mar 15, 2026
Risk Level: SAFE
Full Analysis
- [PROMPT_INJECTION]: Analyzed for Indirect Prompt Injection risks associated with codebase analysis and external research. Findings:
  - Ingestion points: Reads local project files and technical facts via the context7 MCP or web search.
  - Boundary markers: Includes specific instruction files such as 'research-policy.md' and structured templates to guide AI behavior.
  - Capability inventory: Restricted to file-writing within the '.plan/' directory. No capabilities for code execution, system modification, or network requests to unknown domains.
  - Sanitization: Requires labeling of facts versus inferences and mandates source links for external claims.
- [EXTERNAL_DOWNLOADS]: The skill documentation guides the user to install the '@upstash/context7-mcp' package from the official registry. This is a well-known service used for technical documentation retrieval and does not involve unauthorized remote code execution.
- [DATA_EXFILTRATION]: The skill performs codebase-aware planning by inspecting local files. This behavior is confined to the intended planning purpose, and no instructions were found that attempt to exfiltrate sensitive data to external or untrusted endpoints.
- [SAFE]: The skill includes explicit instructions and metadata to prevent the AI from implementing, refactoring, or editing source code, which serves as a security boundary against accidental or malicious code modification.