plan-task
Pass
Audited by Gen Agent Trust Hub on Apr 23, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes local setup and management scripts located within the plugin root (e.g.,
create-folders.sh,create-scratchpad.sh) and relies on standard git commands (git status,git diff,git mv) to track changes and manage workflow states. - [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface as it ingests untrusted task files from the local filesystem and interpolates their content into prompts for sub-agents without explicit sanitization or boundary markers.
- Ingestion points: Draft task files located in
.specs/tasks/draft/and.specs/tasks/todo/are read and processed. - Boundary markers: Absent; the content of the task file is directly interpolated into agent prompts.
- Capability inventory: The system can execute shell commands via bash and git, and launches sub-agents with research and codebase analysis capabilities.
- Sanitization: No explicit sanitization or filtering of task file content is performed before interpolation into sub-agent contexts.
Audit Metadata