agent-code-goal-planner

Warn

Audited by Gen Agent Trust Hub on Mar 1, 2026

Risk Level: MEDIUM
Findings: EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill instructions frequently reference the execution of npx claude-flow, which downloads and runs a package from the npm registry at runtime. This package is not affiliated with a verified trusted organization or well-known service.
  • [COMMAND_EXECUTION]: The skill provides numerous patterns and examples where the agent is instructed to execute shell commands (e.g., npx claude-flow sparc run, git clone) to accomplish milestones. This grants the agent a high degree of control over the local environment when following the skill's planning logic.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection (Category 8). It is designed to take 'vague development requirements' from a user and decompose them into actionable milestones and commands.
  • Ingestion points: Untrusted user data enters via the development requirements or feature descriptions provided to the agent.
  • Boundary markers: The skill lacks explicit instructions or delimiters (like XML tags or block markers) to prevent the agent from obeying instructions embedded within the user's software requirements.
  • Capability inventory: The skill utilizes subprocess execution via shell commands (npx, git) and MCP tool calls (mcp__claude-flow__*) to perform actions based on the parsed requirements.
  • Sanitization: There is no evidence of sanitization or validation logic to filter or escape instructions embedded in the input requirements before they are incorporated into the GOAP/SPARC execution flow.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Mar 1, 2026, 04:32 PM