checkpoint
Pass
Audited by Gen Agent Trust Hub on Mar 11, 2026
Risk Level: SAFE (COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
- [COMMAND_EXECUTION]: Uses bash for operations like directory creation, file copying, and git-based version control. It also executes a vendor-specific tool 'bd' for session management.
- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface.
  1. Ingestion points: project plans (~/.claude/plans/) and external resource metadata.
  2. Boundary markers: None identified.
  3. Capability inventory: Write, Edit, and Bash access.
  4. Sanitization: No explicit sanitization of ingested content before inclusion in metadata.
  The risk is minimized as data is treated as documentation.