create-plan

Pass

Audited by Gen Agent Trust Hub on Mar 2, 2026

Risk Level: SAFE | PROMPT_INJECTION | COMMAND_EXECUTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes vendor-provided shell scripts (validate-plan.sh and validate-all-plans.sh) to perform structural validation of plan files. These scripts utilize standard local utilities such as find, cat, grep, and sed for pattern matching and file verification.
  • [PROMPT_INJECTION]: The skill presents an indirect prompt injection surface through its core workflow of ingesting codebase data to generate implementation strategies.
    • Ingestion points: Reads codebase files using search and read tools to inform plan creation (SKILL.md); reads and processes agent-generated plan files in the 'plans/' directory (validate-plan.sh).
    • Boundary markers: No specific boundary markers or 'ignore' instructions are implemented when aggregating data from the codebase into plan templates.
    • Capability inventory: Execution of internal bash scripts; file system operations (read/write) restricted to the 'plans/' directory; use of standard Unix utilities for content validation; no network capabilities or external execution.
    • Sanitization: Validation scripts specifically check for and reject markdown code blocks (```) and suspicious code-like patterns, ensuring plans remain in natural language, though they do not sanitize text for natural language instructions.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 2, 2026, 03:55 PM