Skills
skills/regenrek/codex-planr/planr-summary/Gen Agent Trust Hub

planr-summary

Pass

Audited by Gen Agent Trust Hub on Mar 18, 2026

Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes a local script located at ./.planr/tooling/planr to retrieve live scope context. This is a core part of its functionality but involves running code provided within the repository.- [PROMPT_INJECTION]: The skill processes data from potentially untrusted sources (Category 8), creating a surface for indirect prompt injection.
  • Ingestion points: Content from .planr/status/current.json, .planr/plans/*.plan.md, and file diffs are ingested into the prompt.
  • Boundary markers: There are no explicit delimiters or instructions to ignore embedded commands within the ingested data.
  • Capability inventory: The skill has permissions to read repository files and execute a local CLI tool.
  • Sanitization: The instructions do not specify any validation or sanitization steps for the data retrieved from the repository.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 18, 2026, 04:47 AM