plan-builder
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFEPROMPT_INJECTIONNO_CODE
Full Analysis
- Indirect Prompt Injection (LOW): The skill identifies a surface for indirect prompt injection by interpolating unvalidated user input into generated implementation plans stored in the workspace.
- Ingestion points: Acceptance Criteria are populated from 'blueprint Step 2' as specified in
SKILL.md. - Boundary markers: Absent; user-provided text is inserted directly into Markdown tables and lists without delimiters or instructions for the LLM to ignore embedded commands.
- Capability inventory: The skill uses
Read,Write, andEdittools to create and modify documentation files in thedocs/plans/directory. - Sanitization: Absent; the skill does not perform escaping or validation of user-provided content before interpolation into the templates.
Audit Metadata