pm-planning
Pass
Audited by Gen Agent Trust Hub on May 14, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill defines a logical and safe workflow for planning, using templates and rules to ensure tasks are well-defined and small.
- [COMMAND_EXECUTION]: The skill utilizes the
bd(Beads) command-line interface for task management (creation and updates). These operations are restricted by theallowed-toolsfrontmatter and represent the primary intended functionality of the skill. - [INDIRECT_PROMPT_INJECTION]: This skill possesses an attack surface as it processes architecture documents (
ARCH-*.md) from the file system. A maliciously crafted architecture document could attempt to influence the agent's task creation process. However, the use of a strict template and explicit 'Done when' criteria serves as a natural boundary, and the impact is limited to the management of development tasks within the project scope. - [DATA_EXPOSURE_AND_EXFILTRATION]: No patterns for sensitive data access, credential harvesting, or unauthorized network communications were found.
Audit Metadata