plan-first
Pass
Audited by Gen Agent Trust Hub on Mar 14, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: No malicious patterns or security risks were identified in the skill's instructions. The skill operates purely as a workflow controller within the agent's local state.
- [PROMPT_INJECTION]: Indirect prompt injection surface identified. The risk is assessed as safe given the lack of exploitable capabilities.
  - Ingestion points: .ai_state/design.md.
  - Boundary markers: Absent.
  - Capability inventory: Local file write to .ai_state/plan.md; no command execution or network capabilities.
  - Sanitization: Absent.
Audit Metadata