prepare-plan-for-review
Pass
Audited by Gen Agent Trust Hub on Feb 18, 2026
Risk Level: SAFE, NO_CODE, COMMAND_EXECUTION
Full Analysis
- Data Exposure & Exfiltration (SAFE): The skill reads project metadata (e.g., package.json, tsconfig.json) to identify frameworks and languages. All operations are local, and no data is transmitted externally.
- Persistence Mechanisms (SAFE): It creates a local cache file at .claude/stack-profile.md. This is used for performance and allows user-defined overrides, which is a standard functional behavior and does not pose a security risk.
- Indirect Prompt Injection (LOW):
  1. Ingestion points: Reads various repository files including package.json, README.md, and implementation plan documents.
  2. Boundary markers: Absent.
  3. Capability inventory: File system read/write, git diff, and git log execution.
  4. Sanitization: Absent.

  The risk is considered low because the ingested data is used to populate a prompt for another model, and the final output is intended for manual user review/copy-pasting.
- Command Execution (SAFE): The skill uses git commands (diff, log) to locate recently modified files. These are read-only operations on the repository's metadata and are used safely within the intended scope.
Audit Metadata