spring-planning
Pass
Audited by Gen Agent Trust Hub on Apr 28, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill implements a standard planning workflow. It uses interactive prompts to gather requirements and generates documentation in the
docs/plans/directory. No evidence of obfuscation, credential harvesting, or unauthorized data exfiltration was found. - [COMMAND_EXECUTION]: The skill refers to executing project-specific test commands during the implementation phase. These commands are triggered by the agent based on the project's own configuration (e.g.,
npm test,pytest) as part of the intended development workflow. - [PROMPT_INJECTION]: The skill uses instructional markers like 'CRITICAL' and 'IMPORTANT' to enforce plan consistency and testing requirements. These are benign behavioral constraints designed to ensure the quality of the generated plan rather than attempts to bypass AI safety guidelines.
- [DATA_EXPOSURE]: The skill reads local project metadata and file structures via the
spring-exploreskill to generate relevant plans. This data remains within the local agent context and is used solely for the stated purpose of implementation planning.
Audit Metadata