create-plan
Pass
Audited by Gen Agent Trust Hub on Feb 15, 2026
Risk Level: LOW (PROMPT_INJECTION)
Full Analysis
- [Indirect Prompt Injection] (LOW): The skill instructs the agent to ingest and process untrusted external content from the local workspace to generate its output.
  - Ingestion points: Workflow Step 1 requires reading README.md, documentation folders, and other relevant project files.
  - Boundary markers: Absent; there are no instructions to use delimiters or ignore instructions found within the analyzed files.
  - Capability inventory: The skill explicitly restricts actions to read-only mode, with no file-write, command-execution, or network capabilities.
  - Sanitization: No sanitization or filtering logic is specified for the content read from the filesystem.