ws-planner
Pass
Audited by Gen Agent Trust Hub on Mar 14, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill presents an indirect prompt injection surface by processing untrusted data to influence downstream agents.
- Ingestion points: Untrusted task descriptions are accepted via the
task_descriptioninput argument. - Boundary markers: No explicit delimiters or boundary markers are defined in the instructions to isolate the user-provided task description from the agent's logic.
- Capability inventory: The skill can read project documentation and write session state to
.ws-session/planner.json. Its primary output is used to direct the actions of thews-devagent. - Sanitization: There is no mention of sanitization or validation of the input data before it is interpolated into the generated Task Definitions.
Audit Metadata