plan-work
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFENO_CODEPROMPT_INJECTION
Full Analysis
- [NO_CODE] (SAFE): No executable code is provided; the skill consists entirely of process documentation and a plan template in Markdown format.
- [INDIRECT_PROMPT_INJECTION] (SAFE): The skill defines a research workflow that ingests untrusted data from local repository files. Ingestion points: SKILL.md (Workflow step 1). Boundary markers: Absent. Capability inventory: Limited to read-only CLI tools (git, rg). Sanitization: Absent. Given the read-only nature and intended use case, this surface is considered safe.
Audit Metadata