blueprint-derive-plans

Pass

Audited by Gen Agent Trust Hub on Mar 2, 2026

Risk Level: SAFE
COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses the Bash tool to execute standard utilities like git, find, grep, and jq. These operations are used for analyzing project history and managing documentation artifacts within the local repository.
  • [PROMPT_INJECTION]: The skill has an indirect prompt injection surface because it processes untrusted data from the analyzed project.
    • Ingestion points: Git commit messages (git log), issue references, and project files like README.md and package.json are read into the agent context (SKILL.md Step 4, 5).
    • Boundary markers: Absent; there are no explicit delimiters or instructions provided to the model to ignore potential directives embedded within the commit history or codebase.
    • Capability inventory: The skill possesses Bash and Write capabilities, allowing it to modify files and execute shell commands based on its analysis.
    • Sanitization: While the skill uses secure jq --arg patterns for metadata updates, other shell commands use string interpolation for variables like {scope}, which could be exploited if input arguments are not properly validated by the agent (REFERENCE.md).
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Mar 2, 2026, 01:16 AM