vibe-planning
Pass
Audited by Gen Agent Trust Hub on May 13, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill's workflow establishes an indirect prompt injection surface by requiring the agent to process potentially untrusted data to generate its plans.
- Ingestion points: The agent is instructed to read local files, including code, configurations, logs, and issue text, as well as external 'official documentation' and 'vendor docs' (
SKILL.md). - Boundary markers: The skill lacks technical delimiters to isolate ingested data from agent instructions, although it provides procedural rules to treat user claims as 'unproven' and maintain original intent (
SKILL.md). - Capability inventory: The agent is granted the ability to write Markdown artifacts to the local workspace (
SKILL.md). - Sanitization: There are no instructions for sanitizing or escaping content from external or local sources before it is interpolated into the generated plans.
Audit Metadata