backend-planning
Pass
Audited by Gen Agent Trust Hub on Mar 14, 2026
Risk Level: SAFE
Full Analysis
- [INDIRECT_PROMPT_INJECTION]: The skill ingests data from local project manifest files (such as package.json, pyproject.toml, or Cargo.toml) and processes user input to generate planning documents. This creates a surface for indirect prompt injection if those files or inputs contain malicious instructions. However, this is mitigated by mandatory user review gates at every step of the pipeline.
  - Ingestion points: Technical manifests scanned in Step 0 and user-provided descriptions collected in Steps 0.5 through 5 of SKILL.md.
  - Boundary markers: Explicit 'Wait for confirmation' instructions are present after tech stack detection, domain analysis, and every document generation step.
  - Capability inventory: The skill's operations are limited to reading project metadata and writing Markdown files to the docs/en/specifications/ directory. It has no capabilities for network communication, system command execution, or script evaluation.
  - Sanitization: The skill relies on 'human-in-the-loop' verification, requiring the user to approve the tech stack and each document before the agent proceeds.
- [SAFE]: No malicious patterns such as credential theft, data exfiltration, or obfuscation were detected. The use of standard tech stack detection (e.g., framework and database identification) is well-aligned with the primary purpose of the skill and follows safe practices.
Audit Metadata