plan
Pass
Audited by Gen Agent Trust Hub on Mar 23, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill performs expected productivity tasks, such as listing issues via an API and managing local configuration state. No evidence of malicious intent or risky operations was found.- [INDIRECT_PROMPT_INJECTION]: The skill ingests external data from the Plane API (task list), which represents a potential surface for indirect prompt injection if task content contains instructions intended to manipulate the agent. However, the skill's capabilities are limited to planning and managing local workspace configuration files, posing low risk.
- Ingestion points: Plane API task list (SKILL.md)
- Boundary markers: Not explicitly defined for task data interpolation.
- Capability inventory: Reading and writing configuration files within the local workspace.
- Sanitization: No explicit sanitization or filtering of task content mentioned.
Audit Metadata