skill-planner

Pass

Audited by Gen Agent Trust Hub on May 2, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: No high-risk patterns such as credential harvesting, exfiltration, or unauthorized command execution were found in the instructions or reference materials.
  • [SAFE]: The skill incorporates robust control flow, including a prerequisite check (BLOCKER) and a mandatory human approval step (Step 10) before outputting the final plan.
  • [SAFE]: The skill ingests data from local extraction results (knowledge.json, procedures.json, etc.), which constitutes an indirect prompt injection surface. This surface is evaluated as safe because the skill lacks the ability to execute code or make network requests, and the user must review the plan before it is used.
    1. Ingestion points: manifest.json, knowledge-graph.json, chapters/.json, resources-manifest.json, and manuals/.md.
    2. Boundary markers: Absent.
    3. Capability inventory: The skill is limited to reading and writing local project files; it does not request or use dangerous shell or system utilities.
    4. Sanitization: The skill validates its output against a provided JSON schema, providing structural integrity, though it does not explicitly sanitize the text content of the input files.
Audit Metadata
Risk Level
SAFE
Analyzed
May 2, 2026, 06:59 AM