diy-project-plan
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE (PROMPT_INJECTION, NO_CODE)
Full Analysis
- [Indirect Prompt Injection] (LOW): The skill incorporates untrusted data into its processing flow, creating a vulnerability surface.
  - Ingestion points: The `{user_provided_details}` and `{project_name}` variables in `prompts/planning.md` ingest raw user input.
  - Boundary markers: No delimiters or instructions to ignore embedded commands are present in the prompt templates.
  - Capability inventory: The skill is capable of writing markdown files to the local filesystem (`~/projects/diy/`), as noted in the CHANGELOG.md.
  - Sanitization: No sanitization or validation of user-provided input is performed before interpolation.
- [Data Exposure] (SAFE): The skill reads from `~/.config/diy-projects/tools.json` and writes to `~/projects/diy/`. These are skill-specific paths and do not involve sensitive system credentials or private keys.
- [No Code] (SAFE): The provided skill contains prompt templates and data files but no executable scripts (e.g., Python or JavaScript), reducing the risk of direct malicious code execution.
Audit Metadata