project-planner
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGHPROMPT_INJECTIONNO_CODE
Full Analysis
- Indirect Prompt Injection (HIGH): The skill lacks sanitization of user-provided project details which are directly interpolated into an output file containing executable fields. This is critical as the plan is explicitly intended to guide a downstream 'Orchestrator' agent.
- Ingestion points: Inputs gathered from the user include PROJECT_NAME, GOAL_ONE_SENTENCE, TARGET_USER_CONTEXT, and HARD_CONSTRAINTS as defined in SKILL.md.
- Boundary markers: No delimiters or isolation techniques are present to distinguish user-provided content from system instructions.
- Capability inventory: The skill possesses file-write capabilities used to create a PLAN.md file at the repository root; this file includes a 'Validation Steps' field specifically for shell commands.
- Sanitization: User input is not validated, filtered, or escaped before being placed into the PLAN_TEMPLATE.md placeholders.
- No Code (LOW): The skill consists entirely of markdown-based instructions and templates without any executable scripts or binary components.
Recommendations
- AI detected serious security threats
Audit Metadata