visualize-plan
Pass
Audited by Gen Agent Trust Hub on Apr 8, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill exhibits a vulnerability surface for indirect prompt injection by ingesting and processing untrusted data from external sources.
- Ingestion points: External data is retrieved from user-provided arguments and GitHub issue bodies (via the
ghCLI tool). - Boundary markers: No explicit delimiters or boundary markers (e.g., XML tags or "ignore embedded instructions" headers) are used when interpolating this untrusted data into task descriptions or subagent prompts.
- Capability inventory: The skill has access to the
Bashtool for shell execution, theWritetool for file modification, and the ability to spawn subagents. - Sanitization: No sanitization, escaping, or validation logic was found for the data ingested from external sources before it is used in prompt construction.
- [COMMAND_EXECUTION]: The skill executes local shell scripts to perform diagnostic and analysis tasks on the repository.
- Evidence: It invokes
scripts/detect-plan-context.shandscripts/analyze-impact.shusing theBashtool. These scripts perform routine operations such as checking git diffs, branch names, and commit counts. - Evidence: It utilizes the GitHub CLI (
gh) to retrieve issue metadata when an issue reference is provided.
Audit Metadata