superplane-cli
Pass
Audited by Gen Agent Trust Hub on May 6, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [SAFE]: No malicious patterns or security vulnerabilities were identified in the skill's instructions or the referenced YAML specification.
- [COMMAND_EXECUTION]: The skill operates using the
superplaneCLI tool. It includes a robust safety check to verify the binary's presence before execution and explicitly forbids the agent from attempting to install the CLI automatically, ensuring user control over the environment. - [EXTERNAL_DOWNLOADS]: The skill references official documentation and installation guides on the vendor's domain (docs.superplane.com) and the expression language site (expr-lang.org). These are legitimate vendor-controlled resources necessary for the skill's operation.
- [PROMPT_INJECTION]: While the skill exhibits an indirect prompt injection surface by ingesting external YAML configurations and documentation, there are no identified malicious instruction chains or exploitable capabilities that leverage this surface. The ingestion of this data is a core part of its functionality as a workflow management tool.
Audit Metadata