visualize-plan
Pass
Audited by Gen Agent Trust Hub on Mar 14, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection. It ingests data from external sources such as git diffs and GitHub issue bodies, which is then used to generate report content, create tasks, and influence subagent prompts.
- Ingestion points:
scripts/analyze-impact.sh(git output) andscripts/detect-plan-context.sh(GitHub issue content viagh issue view). - Boundary markers: Absent. The data is interpolated directly into templates like
assets/plan-report.mdwithout clear delimiters or instructions to ignore embedded commands. - Capability inventory: Includes the ability to write to the filesystem (
Write), manage tasks (TaskCreate,TaskUpdate), and spawn subagents (Agent). - Sanitization: No sanitization or escaping of the external data was found in the provided scripts or templates.
- [COMMAND_EXECUTION]: The skill executes local shell scripts (
scripts/analyze-impact.shandscripts/detect-plan-context.sh) which in turn invokegitandgh(GitHub CLI) tools. While these are necessary for the skill's core functionality of analyzing project state, they represent an interaction with the system environment and its version control data.
Audit Metadata