plan_review
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFEPROMPT_INJECTIONNO_CODE
Full Analysis
- NO_CODE (SAFE): The skill consists entirely of markdown instructions and does not include any scripts, binaries, or executable files.
- Indirect Prompt Injection (LOW): The skill accepts external plan content as input, which serves as an ingestion point for potentially malicious instructions. While the risk is present, the skill lacks direct system capabilities to exploit. 1. Ingestion points: Plan content or file path arguments in SKILL.md. 2. Boundary markers: No delimiters or warnings are used to separate the plan content from the agent's instructions. 3. Capability inventory: The skill delegates tasks to other agents but has no direct file or network access. 4. Sanitization: No sanitization or validation of the input content is performed.
Audit Metadata