planning
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- Prompt Injection (LOW): The skill processes untrusted external data (project 'specs' or 'requirements') to generate markdown plans and shell commands. This creates a surface for indirect prompt injection.
- Ingestion points: Processes 'spec or requirements' for multi-step tasks.
- Boundary markers: Absent; there are no instructions to ignore embedded commands within the input data.
- Capability inventory: Generates file-write operations to the `docs/plans/` directory and produces shell commands for `git` and test execution.
- Sanitization: No sanitization or validation of the input requirements is defined in the instructions.
- Data Exfiltration (SAFE): No hardcoded credentials, sensitive file path access, or unauthorized network operations were detected.
- Remote Code Execution (SAFE): The skill does not download external scripts or packages and does not utilize dynamic code execution functions like `eval` or `exec` in its own logic.