create-plan
Pass
Audited by Gen Agent Trust Hub on Mar 9, 2026
Risk Level: SAFE PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is vulnerable to Indirect Prompt Injection.
- Ingestion points: The skill reads user requests and all identified files related to the feature area during the research phase (Phase 1) and user corrections (Phase 3).
- Boundary markers: The skill does not specify the use of delimiters or 'ignore' instructions when reading codebase files, which could lead to instructions embedded in code being treated as agent directives.
- Capability inventory: The skill has the ability to write implementation plans to the filesystem (docs/plans/), create and update tasks (TaskCreate, TaskUpdate), and invoke other skills (adr).
- Sanitization: There is no explicit sanitization or filtering mentioned for the content ingested from the codebase before it is used to generate plans or tasks.
Audit Metadata