plan-review
Pass
Audited by Gen Agent Trust Hub on May 4, 2026
Risk Level: SAFE
PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection due to its processing of untrusted data from plan files. It reads markdown files from `ai-workspace/plans/` and potentially other skill definitions from `.claude/skills/assemble-panel/SKILL.md`, passing the extracted content to sub-agents via the Agent tool. The skill lacks boundary markers or explicit instructions to ignore commands embedded within these files, and no sanitization is performed on the ingested content.
- [COMMAND_EXECUTION]: The skill executes shell commands to discover and filter plan files in the local workspace. Specifically, Step 1 uses a pipeline of `ls`, `grep`, and `head` to identify the most recent plan file. These are benign, standard utilities used for intended workflow automation within the local environment.
Audit Metadata