planr-plan
Pass
Audited by Gen Agent Trust Hub on Mar 18, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill invokes a repository-local CLI tool located at
./.planr/tooling/planrto initialize projects and scaffold new planning files. - [PROMPT_INJECTION]: The skill demonstrates an attack surface for indirect prompt injection by design, as it must process untrusted external data (bug reports, task documents, review findings) to generate its output.
- Ingestion points: Processes user requests, task documents, bug reports, and review findings as identified in
SKILL.md. - Boundary markers: No specific delimiters or "ignore instructions" markers are used when interpolating external content.
- Capability inventory: The agent can write files to the
.planr/directory and execute the./.planr/tooling/planrlocal binary. - Sanitization: The instructions advise the agent to "rewrite it into an execution contract instead of copying the original text verbatim," which serves as a manual abstraction layer but does not constitute technical sanitization of the input.
Audit Metadata