plan-to-task-list-with-dag
Pass
Audited by Gen Agent Trust Hub on Mar 15, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill instructions do not contain any malicious prompt injection patterns, obfuscation, or hardcoded credentials. The workflow is focused on codebase exploration and task planning using standard MCP tools.
- [INDIRECT_PROMPT_INJECTION]: The skill has an inherent attack surface for indirect prompt injection as it ingests untrusted data from the codebase during its 'Explore' phase (using `mcp__codemap` tools) and interpolates this data into task descriptions.
  - Ingestion points: Codebase content retrieved via `mcp__codemap__search_code` and `mcp__codemap__get_file_summary` in `SKILL.md`.
  - Boundary markers: None identified; codebase content is directly used to build mental models and task descriptions.
  - Capability inventory: The skill can write files to the local file system (`plans/` directory) and interact with the user via `AskUserQuestion`.
  - Sanitization: No explicit sanitization or escaping of codebase content is mentioned before it is included in the generated markdown or JSON plans.
- [EXTERNAL_DOWNLOADS]: While documentation examples mention tasks that might involve network operations (e.g., Linear API integration via fetch), the skill itself does not perform any external network requests or downloads.
Audit Metadata