app-build-planner
Pass
Audited by Gen Agent Trust Hub on Mar 23, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill follows established safety practices for a planning-focused agent. It reads project-specific documentation from controlled local directories and synthesizes that information into a textual implementation plan without attempting to execute code or access sensitive system credentials.
- [INDIRECT_PROMPT_INJECTION]: The skill identifies an attack surface by ingesting data from the
docs/planning/directory (e.g.,ux-brief.md,fhir-data-model.md). While these files could contain malicious instructions, the skill includes explicit guardrails (e.g., 'Do not generate application code') and limits its operations to text generation, which minimizes the potential for automated exploitation. - Ingestion points: Multiple planning documents in
docs/planning/as specified in Step 1 ofSKILL.md. - Boundary markers: Absent; the skill does not use specific delimiters to isolate untrusted input within the prompt.
- Capability inventory: The skill is strictly limited to text output and does not perform network operations, file writes, or command execution.
- Sanitization: No explicit sanitization of input markdown content is described.
Audit Metadata