plan-writing
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- [PROMPT_INJECTION] (SAFE): The skill contains instructional markers such as 'IMPORTANT' and 'NEVER', but these are used for project organization (e.g., ensuring plan files are not saved in hidden directories) rather than bypassing AI safety constraints or overriding system prompts.
- [DATA_EXFILTRATION] (SAFE): No patterns for data exfiltration or credential harvesting were detected. The skill mentions 'curl' and '.env' in documentation examples, but does not use them for network communication or accessing secrets.
- [EXTERNAL_DOWNLOADS] (SAFE): The skill does not reference external URLs, download scripts, or install packages.
- [COMMAND_EXECUTION] (SAFE): While the skill mentions developer commands (e.g., 'npx create-next-app', 'npm run dev') and script names (e.g., 'security_scan.py') as examples of task verification, it does not include logic to execute these commands automatically or download them from untrusted sources.
- [INDIRECT_PROMPT_INJECTION] (LOW): The skill has a data-ingestion surface (Category 8): it processes task descriptions to generate plans, so untrusted text reaches the model. It lacks elevated capabilities, however: no command-execution or file-writing tool is declared (only 'Read', 'Glob', and 'Grep' appear in allowed-tools), so a malicious task description has no direct path to a dangerous system action, provided the host enforces the allowed-tools restriction.
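The findings above rest on two checks that are easy to reproduce locally: what the skill declares in allowed-tools, and whether its body carries instruction markers or command and secret mentions. The following is an added example of that triage, not the trust hub's scanner and not code from the plan-writing skill. It assumes a Markdown skill file with a YAML-style frontmatter block holding a comma-separated `allowed-tools` value; the set of tool names treated as privileged and the sample skill text are constructed for illustration.

```python
"""Static triage of an agent skill file, reproducing the audit's checks.

Added example: not the trust hub's scanner and not the plan-writing skill.
Assumes a Markdown skill file with YAML-style frontmatter holding a
comma-separated `allowed-tools` value; the privileged tool names below are
illustrative assumptions.
"""
import re

# Assumed tool vocabulary: tools that can write, execute or reach the network.
PRIVILEGED_TOOLS = {"Bash", "Write", "Edit", "MultiEdit", "WebFetch"}
# Tools the audit treats as read-only.
READ_ONLY_TOOLS = {"Read", "Glob", "Grep"}
# Imperative markers that often signal embedded instructions.
INSTRUCTION_MARKERS = ("IMPORTANT", "NEVER", "ALWAYS", "IGNORE")
# Mentions worth listing even when they turn out to be documentation.
SENSITIVE_PATTERNS = (r"\bcurl\b", r"\bwget\b", r"\.env\b", r"https?://\S+")

# Constructed sample skill, shaped like the one the audit describes.
SAMPLE_SKILL = """---
name: plan-writing
allowed-tools: Read, Glob, Grep
---
IMPORTANT: NEVER save plan files in hidden directories.
Verification examples: `npm run dev`, `python security_scan.py`,
or `curl` against the dev server. Do not commit `.env` files.
"""


def parse_frontmatter(text):
    """Return (metadata dict, body) for a file with a leading --- block."""
    m = re.match(r"^---\n(.*?)\n---\n", text, re.S)
    if not m:
        return {}, text
    meta = {}
    for line in m.group(1).splitlines():
        key, sep, value = line.partition(":")
        if sep:
            meta[key.strip()] = value.strip()
    return meta, text[m.end():]


def allowed_tools(meta):
    """Split the comma-separated allowed-tools declaration into a set."""
    return {t.strip() for t in meta.get("allowed-tools", "").split(",") if t.strip()}


def triage(text):
    """Apply the audit's reasoning: markers and command mentions only matter
    when the skill also holds a tool that can act on them."""
    meta, body = parse_frontmatter(text)
    tools = allowed_tools(meta)
    findings = {
        "privileged_tools": sorted(tools & PRIVILEGED_TOOLS),
        "unknown_tools": sorted(tools - PRIVILEGED_TOOLS - READ_ONLY_TOOLS),
        "instruction_markers": sorted(
            mk for mk in INSTRUCTION_MARKERS if re.search(rf"\b{mk}\b", body)),
        "sensitive_mentions": [p for p in SENSITIVE_PATTERNS if re.search(p, body)],
    }
    has_embedded_instructions = bool(
        findings["instruction_markers"] or findings["sensitive_mentions"])
    if findings["privileged_tools"] or findings["unknown_tools"]:
        # Elevated capability: the body's instructions can become actions.
        findings["risk"] = "REVIEW" if has_embedded_instructions else "CHECK_TOOLS"
    else:
        # Read-only surface: the same markers are documentation, not a threat.
        findings["risk"] = "SAFE"
    return findings


if __name__ == "__main__":
    for key, value in triage(SAMPLE_SKILL).items():
        print(f"{key}: {value}")
```

Run against the sample, the verdict is SAFE with the markers and the `curl`/`.env` mentions listed as context; swap `Bash` into allowed-tools and the same body is flagged for review, which is the capability-times-ingestion logic the LOW rating above is built on. An unknown tool name is treated as privileged on purpose: a declaration the checker cannot vouch for should not pass silently.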
Audit Metadata