planr-review
Pass
Audited by Gen Agent Trust Hub on Mar 18, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTIONDATA_EXFILTRATION
Full Analysis
- [COMMAND_EXECUTION]: The skill performs local command execution through standard Git operations (git diff, git show) and a repository-specific tool (./.planr/tooling/planr). These commands are used to verify code changes and are constrained to the local repository environment.
- [PROMPT_INJECTION]: The skill processes untrusted repository data, including plan files and code diffs, which creates a surface for indirect prompt injection. The instructions mitigate this risk by mandating strict scope isolation and verification gates to ensure the agent maintains control over the review workflow.
- [DATA_EXFILTRATION]: The skill accesses project-related files and Git metadata to perform its functions. No network communication patterns or external transmission methods were identified.
Audit Metadata