plan-writing
Pass
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: LOW
Full Analysis
- Prompt Injection (SAFE): The instructions use natural language to define planning frameworks. There are no attempts to override system prompts or bypass safety guardrails.
- Data Exposure & Exfiltration (SAFE): No sensitive file paths (~/.ssh, etc.) or hardcoded credentials were detected. The skill focuses on project-level task management.
- Obfuscation (SAFE): No encoded strings, homoglyphs, or hidden characters were found in the markdown or metadata.
- External Downloads & RCE (SAFE): The skill does not perform any network requests or download external scripts. References to scripts like 'security_scan.py' are provided as examples of what a user might include in a plan, not as executable commands.
- Privilege Escalation (SAFE): No commands involving sudo, chmod, or administrative access are present.
- Indirect Prompt Injection (LOW): The skill processes user-defined tasks to generate plan files. While the naming convention uses a '{task-slug}', the allowed tools (Read, Glob, Grep) are read-only, preventing the skill from autonomously writing malicious files to the filesystem.
- Dynamic Execution (SAFE): There is no evidence of runtime code generation, unsafe deserialization, or process injection.
Audit Metadata