project-planning

Pass

Audited by Gen Agent Trust Hub on May 10, 2026

Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill contains instructions to override standard interaction patterns by bypassing user confirmation for autonomous actions. It explicitly states 'Do NOT prompt the user for confirmation' when transitioning from planning to the execution phase.
  • [PROMPT_INJECTION]: The skill has a vulnerability surface for indirect prompt injection through its ingestion of project specification data.
    • Ingestion points: Specification data processed during the planning phase.
    • Boundary markers: None present in the instructions to delimit untrusted input.
    • Capability inventory: Writes to 'docs/implementation-plan.md' and invokes 'Skill(attune:project-execution)'.
    • Sanitization: No sanitization or validation of the input specification content is defined.
  • [SAFE]: No evidence of credential exposure, data exfiltration, or remote code execution was found. All file operations and skill delegations are consistent with the skill's stated purpose as a project planning tool within its defined ecosystem.
Audit Metadata
Risk Level: SAFE
Analyzed: May 10, 2026, 06:47 PM