project-planner
Pass
Audited by Gen Agent Trust Hub on Feb 20, 2026
Risk Level: SAFE
NO_CODE
Full Analysis
- [No Code] (SAFE): The skill consists exclusively of Markdown documentation and localized description files. No scripts (Python, JavaScript, Bash) or binary executables are included, eliminating the risk of direct code execution.
- [Prompt Injection] (SAFE): No instructions targeting the agent's core safety protocols or attempting to override system behavior were detected. The detection logic is purely task-oriented.
- [Indirect Prompt Injection] (SAFE): The skill describes an attack surface by instructing the agent to read docs/PLAN.md.
- Ingestion points: docs/PLAN.md via Read tool.
- Boundary markers: None specified in the instructions.
- Capability inventory: Limited to file reading and writing within the project scope (Read, Glob, TodoWrite).
- Sanitization: None described.
- Conclusion: While it processes untrusted data, the risk is negligible as the skill only triggers suggestions for session commands and does not automate dangerous operations based on the file content.
- [Data Exposure & Exfiltration] (SAFE): No patterns for exfiltrating data to external domains or accessing sensitive system files (e.g., SSH keys, credentials) were found. The skill focuses solely on project documentation.
Audit Metadata