visualize-plan

Pass

Audited by Gen Agent Trust Hub on Apr 15, 2026

Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill processes untrusted data from local Git metadata (branch names, diffs) and external GitHub issues via the gh CLI. This data is interpolated into prompts for sub-agents and memory searches, creating a surface for indirect prompt injection.
  • Ingestion points: Git repository state (branch names, commit messages, file diffs) analyzed by detect-plan-context.sh and analyze-impact.sh; GitHub issue content fetched via gh issue view.
  • Boundary markers: The skill relies on structural ASCII templates to isolate data, but it lacks explicit instruction-ignore delimiters when processing external text.
  • Capability inventory: The agent has permissions for Write operations (to save reports), Bash execution (for analysis scripts), and gh operations (to create issues), which could be manipulated if the agent follows instructions embedded in processed data.
  • Sanitization: There is no evidence of sanitization or filtering of external content before it is processed or rendered into reports.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 15, 2026, 12:23 PM