implementation-planning
Pass
Audited by Gen Agent Trust Hub on Mar 16, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill exhibits a vulnerability to indirect prompt injection due to its core functionality of processing external data.
- Ingestion points: Technical tickets and research documents located in the
thoughts/research/directory. - Boundary markers: The skill lacks explicit instructions or markers to distinguish between system-level planning instructions and untrusted content within source materials.
- Capability inventory: The skill utilizes the
Tasktool to spawn sub-agents and theWrite/Edittools to modify the codebase based on its planning outputs. - Sanitization: No mechanisms for sanitizing or validating input from tickets or research documents are defined, potentially allowing embedded instructions to influence the agent's behavior.
Audit Metadata