plan-review
Pass
Audited by Gen Agent Trust Hub on May 5, 2026
Risk Level: SAFE | COMMAND_EXECUTION | PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill uses local shell commands to detect the environment and manage files.
  - Evidence: SKILL.md executes grep on ~/.claude/plugins/installed_plugins.json to verify the Codex plugin's installation and utilizes cp and rm for handling temporary review files in /tmp/.
- [PROMPT_INJECTION]: The skill presents an indirect prompt injection surface by ingesting external plan data which is then evaluated by sub-agents to influence the final modified output.
  - Ingestion points: Plan files provided as arguments or sourced from the active session context in SKILL.md.
  - Boundary markers: Sub-agents are instructed to read the plan from a file path. While this avoids direct string interpolation, no explicit instruction-guarding delimiters or ignore-embedded-instructions warnings are applied to the plan content.
  - Capability inventory: The skill can spawn sub-agents, modify files using the Edit tool, and execute shell commands.
  - Sanitization: There is no evidence of sanitization or filtering applied to the plan content before it is processed.