plan-to-spec
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFENO_CODEPROMPT_INJECTION
Full Analysis
- [NO_CODE] (SAFE): The skill is composed entirely of Markdown instructions and templates with no executable scripts included.
- [PROMPT_INJECTION] (LOW): An indirect prompt injection surface was identified. 1. Ingestion points: The skill ingests untrusted text from Plan Mode user discussions. 2. Boundary markers: Absent; the instructions do not specify delimiters to isolate user input from the prompt logic. 3. Capability inventory: The skill enables writing files to the local file system within the 'docs/dev_notes/' directory. 4. Sanitization: Absent; the skill does not perform validation or escaping of the ingested discussion text before template interpolation.
Audit Metadata