implementation-planner
Pass
Audited by Gen Agent Trust Hub on Mar 6, 2026
Risk Level: SAFE
Findings: COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill is designed to define and execute shell commands as part of its quality assurance workflow.
  - Evidence: In `SKILL.md`, the Quality Gate Configuration section explicitly lists commands such as `npm run lint`, `npm run typecheck`, and `npm test` to be executed at various stages.
  - Evidence: In `examples/milestone-m1.tasks.yaml`, the validation step for task `m1-006` includes running `npx ts-node scripts/validate-examples.ts` to verify the examples.
- [PROMPT_INJECTION]: The skill exhibits a vulnerability surface for indirect prompt injection because it processes untrusted data from requirement files that directly influences the generation of tasks and commands.
  - Ingestion points: The skill ingests data from `business-requirements.yaml`, `technical-requirements.yaml`, and external files provided via the `--style-anchors` parameter.
  - Boundary markers: There are no explicit boundary markers or instructions defined to prevent the agent from obeying malicious instructions embedded within these requirement files.
  - Capability inventory: The skill has the capability to define and initiate subprocess calls (linting, testing, type checking) and to write new files (`milestones.yaml`, `milestone-m*.tasks.yaml`) based on the analyzed input.
  - Sanitization: The skill lacks sanitization or structural validation for the content of the input YAML files before using them to establish functional scope and dependencies.
Audit Metadata