autoplan
Pass
Audited by Gen Agent Trust Hub on Jun 13, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill employs shell commands to automate repository discovery and file management tasks. Specifically, it uses
bashto invokegitandghfor context gathering, and executesfindto locate supporting markdown files within the~/.claudedirectory. - [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection as it processes untrusted external data (project plans and branch diffs) and possesses significant capabilities like file modification and agent orchestration.
- Ingestion points: Untrusted content enters the context during Phase 0 from plan files and git diffs.
- Boundary markers: No explicit delimiters are used to isolate the untrusted data from the agent's core instructions.
- Capability inventory: The skill is granted
Bash,Write,Edit, andAgenttools. - Sanitization: The skill does not perform validation or sanitization of the input data before processing.
- [SAFE]: The skill implements a defensive backup mechanism, creating timestamped restore points of files before they are edited.
Audit Metadata