quick-plan

Pass

Audited by Gen Agent Trust Hub on Apr 8, 2026

Risk Level: SAFE
COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill invokes hoyeon-cli via the Bash tool to manage session specifications (spec.json). This involves initializing specifications and merging task and context data into the user's home directory.
  • [PROMPT_INJECTION]: The skill processes untrusted project documentation and logs, whose content could be crafted to influence the planning process.
      • Ingestion points: Phase 1 reads CLAUDE.md and git logs; Phase 1.5 uses an agent to scan the codebase for project structure.
      • Boundary markers: None provided for the ingested project data.
      • Capability inventory: Uses Bash, Write, Agent, and Skill tools to implement the plan.
      • Sanitization: No evidence of sanitization or validation of the ingested data before it is used to construct the task breakdown and specification.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Apr 8, 2026, 11:01 AM