planning
Pass
Audited by Gen Agent Trust Hub on Feb 26, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection (Category 8) because it ingests untrusted task requirements and converts them into detailed implementation plans containing code changes.
- Ingestion points: The skill processes external specifications or requirements provided by the user or from external data sources.
- Boundary markers: There are no explicit markers or instructions to isolate the input data from the skill's operational logic.
- Capability inventory: The skill is authorized to write markdown files to the local file system (e.g., <repository-root>/plans/).
- Sanitization: No sanitization or validation of the input requirements is described, allowing malicious instructions in the input to potentially influence the generated code tasks.
Audit Metadata