plan-then-execute
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE (NO_CODE)
Full Analysis
- Metadata Poisoning (LOW): The file 'skill-snitch-report.md' contains a self-generated audit report claiming a 'Risk Level: ZERO'. This self-vouching content is noted but ignored in favor of objective analysis.
- Indirect Prompt Injection (LOW): This skill handles untrusted input that influences tool use.
  1. Ingestion points: the 'goal' and 'constraints' parameters in the PLAN method of CARD.yml.
  2. Boundary markers: the protocol defines a 'frozen' state for the plan before execution, per SKILL.md.
  3. Capability inventory: the skill uses 'read_file', 'write_file', and optionally 'run_terminal_cmd', as listed in CARD.yml.
  4. Sanitization: relies on a mandatory human approval gate (the APPROVE method) before any execution occurs.
- No Code (SAFE): The skill contains no executable scripts, binaries, or active logic; it consists solely of documentation and configuration templates.
Audit Metadata