plan-writing
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE, PROMPT_INJECTION, NO_CODE
Full Analysis
- [Indirect Prompt Injection] (LOW): The skill directs the agent to create plan files and suggested commands based on user-provided tasks. This creates a surface for indirect prompt injection.
  1. Ingestion points: User-provided task names and goals are interpolated into {task-slug}.md files.
  2. Boundary markers: Absent. No instructions are provided to the agent to treat user input as untrusted or to use delimiters.
  3. Capability inventory: The skill uses Read, Glob, and Grep. While the skill itself has limited tools, it encourages the agent to write and potentially execute commands like npx or curl as part of the plan verification.
  4. Sanitization: Absent. There is no validation or escaping of the task-slug or plan content derived from the user's request.
- [Metadata Poisoning] (SAFE): The skill metadata correctly describes its purpose and does not contain deceptive instructions.
- [Data Exposure & Exfiltration] (SAFE): No hardcoded secrets or network exfiltration patterns were found. Local curl examples are for development verification purposes and do not target sensitive paths.
Audit Metadata