blueprint-derive-plans
Pass
Audited by Gen Agent Trust Hub on Apr 21, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill performs legitimate repository analysis tasks using standard shell and git commands.
- [COMMAND_EXECUTION]: Shell commands are used for local repository interrogation (e.g., git log, find, jq). These commands are consistent with the skill's description and intended functionality. Argument parsing from $ARGUMENTS is handled within the logic of the shell scripts to control analysis scope.
- [DATA_EXFILTRATION]: No network operations were detected. The skill operates entirely on the local file system and git repository data.
- [PROMPT_INJECTION]: No attempts to override agent behavior, bypass safety guidelines, or extract system prompts were identified.
- [SAFE]: The skill includes a 'Step 6: Clarify project context with user' which serves as a security checkpoint, requiring human review and confirmation of extracted features and architectural decisions before any documentation is generated.