planning-patterns
Pass
Audited by Gen Agent Trust Hub on Mar 13, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTIONDATA_EXFILTRATION
Full Analysis
- [COMMAND_EXECUTION]: The skill facilitates the execution of local development commands such as
npm test,npm run lint,tsc, andgitcommands as part of its primary software development workflow. - [PROMPT_INJECTION]: The skill uses instruction-heavy templates to guide agent behavior. It also contains an indirect prompt injection surface where it ingests external data (ingestion points: Requirements Checklist, Success Criteria in SKILL.md). It utilizes markdown headers and blockquotes as boundary markers. Capability inventory includes Read, Write, Edit, and Bash tools. No explicit sanitization of input data is defined.
- [DATA_EXFILTRATION]: The skill references reading configuration files like
.env.exampleandtsconfig.json. These actions are limited to local file access for context gathering and do not involve unauthorized network transmissions.
Audit Metadata