stacksmith-plan
Pass
Audited by Gen Agent Trust Hub on Apr 4, 2026
Risk Level: SAFE
COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill utilizes the Bash tool to perform project reconnaissance by executing commands to retrieve Git metadata, such as branch names and remote URLs. These operations are used to organize local project documentation and logs within the user's home directory (~/.mystack). These commands are standard for development utilities and do not show signs of malicious intent.
- [PROMPT_INJECTION]: The skill architecture is susceptible to indirect prompt injection because it reads and processes user-controlled project files (e.g., PLAN.md, ARCHITECTURE.md) to generate its planning output.
  - Ingestion points: Files including PLAN.md, ARCHITECTURE.md, and TODOS.md are ingested into the context across several operating modes.
  - Boundary markers: The skill does not employ specific delimiters or instructions to treat ingested file content as untrusted or to ignore embedded instructions.
  - Capability inventory: The skill possesses extensive capabilities, including system command execution via Bash, file system modifications via Write and Edit, and WebSearch access.
  - Sanitization: No sanitization or validation is applied to the content read from external files before processing.