planing-prometheustic
Pass
Audited by Gen Agent Trust Hub on Jun 27, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill possesses an indirect prompt injection surface as it ingests data from the user and the repository to generate prompts for its specialized subagents (Metis and Momus) and the resulting work plans.
- Ingestion points: User queries and codebase files accessed via exploration tools during the "Grounding" phase as described in
SKILL.md. - Boundary markers: The instructions do not employ specific delimiters or warning markers when interpolating session data into subagent messages.
- Capability inventory: The skill uses the
spawn_agent(translated to theTasktool) to invoke specialized sub-processes and writes artifacts to theplans/and.omo/drafts/directories. - Sanitization: External data is interpolated directly into templates and subagent calls without visible escaping or validation mechanisms.
- [SAFE]: The skill is strictly limited to planning activities and explicitly forbids the modification of source code or the execution of implementation tasks, which minimizes the potential impact of unintended system changes.
- [SAFE]: The skill enforces a structured multi-phase process with mandatory subagent reviews and human-in-the-loop "Clearance Check" checkpoints, which improves the reliability of the generated output and reduces automation risk.
Audit Metadata