planning-agent
Pass
Audited by Gen Agent Trust Hub on Mar 9, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface as it ingests untrusted data from issue trackers and user-provided files to inform its technical planning.\n
- Ingestion points: Parent issue title, description, and acceptance criteria; user-provided files like
architecture.mdor design notes (referenced in SKILL.md).\n - Boundary markers: Absent. The instructions do not specify the use of delimiters or instructions to ignore embedded commands when reading external content.\n
- Capability inventory: The skill uses MCP tools to read files and modify issue tracker state (creating subtasks, applying tags, changing status).\n
- Sanitization: Absent. There is no mention of filtering or validating the content of the tickets or documents before processing.
Audit Metadata