unit-planner

Pass

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: SAFE | COMMAND_EXECUTION | PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION] (LOW): The troubleshooting section instructs the agent to execute local Python scripts (scripts/pipeline.py and scripts/validate_repo.py). While these are intended for repository maintenance, the capability to run local scripts represents a potential attack surface if the script contents are compromised.
  • [PROMPT_INJECTION] (LOW): Indirect Prompt Injection Surface.
      • Ingestion points: The skill reads PIPELINE.lock.md, files in pipelines/*.pipeline.md, and templates/UNITS.*.csv.
      • Boundary markers: Absent; the instructions do not specify any delimiters or safety markers to isolate the content of these processed files.
      • Capability inventory: The skill has permission to write to UNITS.csv, STATUS.md, and CHECKPOINTS.md, and is instructed to execute local Python scripts.
      • Sanitization: Absent; the skill does not require any validation or escaping of the ingested data before it is used to modify workspace files or influence script execution parameters.
Audit Metadata
Risk Level: SAFE
Analyzed: Feb 17, 2026, 06:08 PM