planning-foundation
Pass
Audited by Gen Agent Trust Hub on Feb 25, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill uses local scripts (scripts/init-planning-dir.sh and scripts/session-catchup.py) to manage the .planning/ directory and restore state. These are standard utility components for maintaining session persistence.
- [PROMPT_INJECTION]: The skill design establishes a pattern where the agent reads from files (findings.md) that may aggregate data from external sources, creating a potential indirect prompt injection surface.
- Ingestion points: .planning/findings.md and .planning/progress.md are read during the 'Read Before Decide' and 'Resuming after gap' workflows.
- Boundary markers: No explicit delimiters or exclusion instructions are defined in the provided templates for untrusted content.
- Capability inventory: The skill facilitates file writing, status tracking, and subagent orchestration.
- Sanitization: No specific filtering or escaping mechanisms for external content are specified in the provided markdown templates.
Audit Metadata