skills/srstomp/pokayokay/planning/Gen Agent Trust Hub

Skill: planning

Result: Pass

Audited by Gen Agent Trust Hub on Apr 8, 2026

Risk Level: SAFE
Full Analysis
  • [INDIRECT_PROMPT_INJECTION]: The skill is designed to ingest and analyze untrusted external data (PRDs, concept briefs, and feature specs). This represents an indirect prompt injection surface. However, the skill includes explicit instructions for the agent to flag ambiguities, document assumptions, and follow strict anti-patterns (e.g., sticking to documented requirements), which helps mitigate the risk of the agent obeying malicious instructions embedded in the requirements text.
  • [DATA_EXFILTRATION]: Data operations are strictly confined to the local .claude/ directory. The skill generates a tasks.db, features.json, and PROJECT.md for local project state management. No evidence was found of instructions to send this data to external servers or non-whitelisted domains.
  • [COMMAND_EXECUTION]: The skill provides Python code snippets and SQL schemas for the agent to use when interacting with the local database and generating project files. These scripts use standard libraries (e.g., sqlite3, json) and perform scoped operations for project tracking. There is no evidence of arbitrary shell command execution or unsafe handling of system-level resources.
  • [DYNAMIC_EXECUTION]: While the skill contains code templates for the agent to implement, these are used for internal project structure and data management. There is no usage of eval(), exec(), or runtime compilation based on external input that would lead to unauthorized dynamic code execution.
  • [SAFE]: The skill adheres to best practices for structured planning and output. It uses clear boundaries for its operations, provides robust error/ambiguity checking instructions, and maintains its state within a well-defined local environment.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 8, 2026, 06:43 PM