docyrus-project-planning

Pass

Audited by Gen Agent Trust Hub on Jun 26, 2026

Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill relies on the docyrus CLI for all operations, including project initialization, task management, and visual dashboard hosting. It also integrates with the gh CLI to automate GitHub releases as part of its phase completion workflow.\n- [PROMPT_INJECTION]: The system allows syncing data from external planning documents (markdown files in .docyrus/plans/) into the project graph. This creates a surface where instructions embedded in these artifacts could influence the generated project structure.\n
  • Ingestion points: Commands upsert-from-plan and upsert-from-architect read from the .docyrus/plans/ directory.\n
  • Boundary markers: No specific delimiters for untrusted content are defined in the instructions.\n
  • Capability inventory: The skill facilitates file creation, git operations (commit/tag), and repository release management.\n
  • Sanitization: No explicit sanitization or validation of the ingested artifact content is described.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 26, 2026, 08:48 AM
Security Audit — agent-trust-hub — docyrus-project-planning