plan
Pass
Audited by Gen Agent Trust Hub on Apr 4, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it analyzes external repository content to create implementation plans. The impact is mitigated by the skill's restricted output capabilities.\n
- Ingestion points: Accesses repository files and conversation context to gather information (SKILL.md).\n
- Boundary markers: None present; the skill does not use specific delimiters to isolate ingested data from instructions.\n
- Capability inventory: Restricted to
write_filefor plan creation and read-only context inspection (SKILL.md).\n - Sanitization: No sanitization or filtering of ingested content is performed before processing.\n- [COMMAND_EXECUTION]: The skill includes explicit instructions to avoid any mutating terminal commands, code implementation, or external actions, which significantly reduces the risk of malicious activity during the planning phase.\n- [DATA_EXFILTRATION]: No network access or data exfiltration patterns were identified. The skill's operations are confined to the local or backend workspace environment.
Audit Metadata