project-planning

Pass

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: LOW
SAFE, NO_CODE, PROMPT_INJECTION
Full Analysis
  • SAFE (SAFE): No malicious patterns, hidden logic, or security vulnerabilities were identified in the instruction set.
  • NO_CODE (INFO): The skill consists entirely of markdown templates and instructional text for the AI agent. It does not include Python scripts, Node.js packages, or binary executables.
  • PROMPT_INJECTION (LOW): The skill creates a surface for indirect prompt injection by instructing the agent to generate instructions and shell commands based on untrusted user input.
    • Ingestion points: User responses to the requirements checklists defined in SKILL.md and references/clarifying-questions.md.
    • Boundary markers: Absent. User input is interpolated directly into PROJECT-SPEC.md and TASKS.md templates without delimiters or 'ignore' warnings.
    • Capability inventory: The skill directs the agent to generate (write) markdown documents that include shell verification blocks (e.g., npm test), which are intended to guide downstream coding agents.
    • Sanitization: Absent. There is no validation or filtering of user-provided content before it is incorporated into the planning documents.
Audit Metadata
Risk Level: LOW
Analyzed: Feb 16, 2026, 08:50 AM