Skills
skills/skenetechnologies/skene/plan-growth-loop/Gen Agent Trust Hub

plan-growth-loop

Pass

Audited by Gen Agent Trust Hub on Mar 30, 2026

Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes shell commands to interact with the file system and the Skene CLI, including ls, uvx, and shell redirections. It explicitly instructs the agent to automate inputs by piping defaults and killing stuck terminals, which reduces user oversight during execution.
  • [EXTERNAL_DOWNLOADS]: The skill uses uvx to fetch and run the skene package from public registries at runtime.
  • [DYNAMIC_EXECUTION]: Invokes uvx skene plan, which involves the dynamic loading and execution of Python code from a remote source during the skill's operation.
  • [INDIRECT_PROMPT_INJECTION]: The skill processes data from the project directory (.skene/analysis/ or skene-context/) to generate plans, creating an interface where data-driven instructions could influence the agent's output.
  • Ingestion points: Reads content from .skene/plans/ and skene-context/growth-loops/ in SKILL.md.
  • Boundary markers: None present; the skill treats ingested data as the source of truth without protective delimiters.
  • Capability inventory: Includes file system writes to .skene/active-loop.json and shell command execution via uvx throughout the script logic.
  • Sanitization: The skill lacks explicit validation or sanitization steps for the data retrieved from the analysis directories.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 30, 2026, 03:00 AM