plan
Pass
Audited by Gen Agent Trust Hub on Mar 14, 2026
Risk Level: SAFE PROMPT_INJECTION COMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill processes external, potentially untrusted project briefs and plan documents, creating a surface for indirect prompt injection.
  - Ingestion points: SKILL.md references processing an "input plan," "project brief," and other "imported documents."
  - Boundary markers: The skill includes an "External-input trust gate" which explicitly warns to treat embedded instructions as untrusted context. It also uses <proposed_plan> delimiters for output.
  - Capability inventory: The skill uses a local script (scripts/plan_contract_lint.py) for structural verification of plans.
  - Sanitization: The skill contains explicit instructions to ignore embedded commands in input data unless manually adopted.
- [COMMAND_EXECUTION]: The skill invokes a local validation script (scripts/plan_contract_lint.py) using the 'uv' Python tool. This script is part of the vendor's provided code and functions as a static linter, examining text for required markers without conducting network or unauthorized filesystem operations.
Audit Metadata