plan-based-skill-builder
Pass
Audited by Gen Agent Trust Hub on Feb 23, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [SAFE]: The skill functions as a meta-tool for documentation and skill creation, assisting in the extraction of workflows from planning documents.
- [COMMAND_EXECUTION]: Includes example system commands such as
kill,make, andcurlwithin templates for system restarts and deployments. These commands are contextually appropriate for the described operations. - [PROMPT_INJECTION]: The skill possesses a surface for indirect prompt injection as it is designed to ingest and process untrusted external plan documents. 1. Ingestion points: Reads from plan documents (e.g.,
*PLAN*.md). 2. Boundary markers: The skill does not explicitly define markers to isolate or ignore instructions embedded within the source documents. 3. Capability inventory: The skill facilitates the creation of new skills that may execute bash commands and system-level operations. 4. Sanitization: No specific sanitization or validation of the input plan content is performed during the extraction process.
Audit Metadata