dev-plan
Pass
Audited by Gen Agent Trust Hub on Feb 28, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill exhibits a surface for indirect prompt injection by processing external project documentation.
- Ingestion points: Processes markdown files located in
/projectdocs/require/and/projectdocs/design/. - Boundary markers: Lacks explicit delimiters or specific instructions to the agent to disregard potential commands embedded within the external documentation.
- Capability inventory: The skill suggests the execution of internal commands (such as
/dev-ddl) and performs file write operations to create project plans in/projectdocs/dev/. - Sanitization: No content filtering, escaping, or validation of the input documentation is performed before it is processed by the AI.
Audit Metadata