plan
Pass
Audited by Gen Agent Trust Hub on Mar 10, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The workflow executes the 'open' command to launch the Typora editor with the generated 'PLAN.md' file.
- [PROMPT_INJECTION]: The skill reads and processes external documentation, creating an attack surface for indirect prompt injection.
- Ingestion points: PRD.md and files within the 'specs/' directory (SKILL.md).
- Boundary markers: The skill does not define delimiters or instructions to ignore embedded prompts in the source files.
- Capability inventory: The skill has the ability to create files and execute shell commands ('open').
- Sanitization: Content from the input files is not sanitized or validated before being processed.
Audit Metadata