yy-mode-plan
Pass
Audited by Gen Agent Trust Hub on May 11, 2026
Risk Level: SAFE, PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill presents a surface for indirect prompt injection because it processes untrusted user instructions to generate implementation plans.
  - Ingestion points: User-provided task descriptions or commands (e.g., /yy-mode-plan followed by a request) which are used to populate plan files.
  - Boundary markers: Absent; the skill does not provide instructions to the agent to distinguish between its own logic and potentially malicious instructions embedded within the user's task description.
  - Capability inventory: File system write operations (creating plan markdown files in detected or specified directories) and the NotifyUser notification tool.
  - Sanitization: Absent; the skill does not specify validation, escaping, or filtering of user input before it is written into the plan document.
- [SAFE]: The skill's primary function acts as a defensive security control by strictly prohibiting any edits or non-read-only tool usage until the user has reviewed and explicitly confirmed a generated plan.
Audit Metadata