create-plans
Pass
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: LOWNO_CODE
Full Analysis
- Metadata Analysis (SAFE): The repository information and description for 'create-plans' are consistent with a legitimate developer productivity tool. No malicious indicators were found in the metadata fields.
- Indirect Prompt Injection (LOW): The skill is designed to process external 'briefs' to generate executable instructions. While this establishes an ingestion point for untrusted data (Category 8), the metadata itself does not contain malicious code or exploitable patterns. Evidence Chain: (1) Ingestion Point: External 'briefs' mentioned in description. (2) Boundary Markers: Absent in metadata. (3) Capability Inventory: Generates executable plans that influence downstream agent actions. (4) Sanitization: Not visible in metadata.
- Functional Code (INFO): The analysis is limited to metadata only as the SKILL.md and underlying logic files were not provided.
Audit Metadata