medium-plan

Pass

Audited by Gen Agent Trust Hub on Mar 23, 2026

Risk Level: SAFE, PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
  • [SAFE]: The overall logic and tool usage of the skill are consistent with its stated purpose of generating project documentation and implementation plans within a software repository.
  • [PROMPT_INJECTION]: The skill exposes a surface for indirect prompt injection because it processes untrusted user input via the ${ARGUMENTS} variable.
    • Ingestion points: User-provided feature descriptions, bug reports, and improvement ideas in SKILL.md.
    • Boundary markers: The input is enclosed within <feature_description> tags to provide context separation.
    • Capability inventory: The skill utilizes Bash, Grep, Read, Write, and Edit tools to perform its tasks.
    • Sanitization: No specific sanitization or filtering of the user input is implemented.
  • [COMMAND_EXECUTION]: The skill uses Bash and Grep for context gathering during the repo-research-analyst phase. These commands are used locally for repository analysis and do not include patterns for remote code execution or privilege escalation.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 23, 2026, 09:56 AM