smart-plan
Pass
Audited by Gen Agent Trust Hub on Mar 9, 2026
Risk Level: SAFE
COMMAND_EXECUTION, PROMPT_INJECTION, DATA_EXFILTRATION
Full Analysis
- [PROMPT_INJECTION]: The frontmatter 'author' field is set to 'Claude Code Assistant', which is misleading as the skill is an unofficial third-party contribution.
- [COMMAND_EXECUTION]: The skill requests permission to use the 'Bash' tool, which provides a high-privilege interface for executing arbitrary system-level commands.
- [DATA_EXFILTRATION]: The skill explicitly targets sensitive project files like 'auth.ts' and 'user.ts' in its instructions, suggesting their modification during the planning process.
- [PROMPT_INJECTION]: A vulnerability surface for indirect prompt injection is identified due to the skill's data ingestion patterns.
  - Ingestion points: The skill ingests untrusted project content using 'Read', 'Glob', and 'Grep' tools (File: SKILL.md).
  - Boundary markers: No instructions are provided for implementing delimiters or security boundaries when processing ingested file content.
  - Capability inventory: The agent is granted powerful capabilities including 'Bash', 'Write', and 'Edit' tools.
  - Sanitization: The skill lacks any logic for the validation, sanitization, or escaping of data retrieved from the project environment.