plan-generator

Pass

Audited by Gen Agent Trust Hub on Mar 22, 2026

Risk Level: SAFE
Categories: COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill defines a framework for generating plans containing executable shell commands (e.g., git branch, mkdir, npm test). These commands are generated based on requirements and are intended for execution by the agent to implement the project plan.
  • [DATA_EXFILTRATION]: The skill accesses local git logs and internal memory files in the .claude/context/memory/ directory to gather context for planning. This is categorized as local data access for context-awareness with no evidence of external transmission.
  • [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface as it processes untrusted user requirements to generate plan tasks.
      • Ingestion points: User-provided goals and requirements extracted in Step 1.
      • Boundary markers: None present; instructions do not specify delimiters for user-provided data.
      • Capability inventory: Bash, Write, Edit, Glob, Grep, and Skill tools.
      • Sanitization: No input validation or command escaping is implemented before user requirements are processed into plan steps.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 22, 2026, 04:50 PM