plan-ceo-review

Pass

Audited by Gen Agent Trust Hub on May 16, 2026

Risk Level: SAFE
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill's documentation provides an installation command using npx to download the skill from the author's repository (ChristopherAlphonse/calphonse-skills). This is a standard and transparent distribution method.
  • [INDIRECT_PROMPT_INJECTION]: The skill processes external data in the form of project plans and local context found in the .planning directory. While this presents a surface for untrusted data ingestion, the skill mitigates risk by instructing the agent to keep the user in control of every change and requiring explicit opt-in for scope expansions. There are no specific boundary markers for the ingested content, but the operational constraints are well-defined.
  • [COMMAND_EXECUTION]: The skill allows the use of the Bash tool to perform its analysis. This is appropriate for its stated purpose of reviewing local project files and context within the development environment.
Audit Metadata
Risk Level: SAFE
Analyzed: May 16, 2026, 03:33 AM