docyrus-project-planning
Pass
Audited by Gen Agent Trust Hub on Jun 26, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill relies on the
docyrusCLI for all operations, including project initialization, task management, and visual dashboard hosting. It also integrates with theghCLI to automate GitHub releases as part of its phase completion workflow.\n- [PROMPT_INJECTION]: The system allows syncing data from external planning documents (markdown files in.docyrus/plans/) into the project graph. This creates a surface where instructions embedded in these artifacts could influence the generated project structure.\n - Ingestion points: Commands
upsert-from-planandupsert-from-architectread from the.docyrus/plans/directory.\n - Boundary markers: No specific delimiters for untrusted content are defined in the instructions.\n
- Capability inventory: The skill facilitates file creation, git operations (commit/tag), and repository release management.\n
- Sanitization: No explicit sanitization or validation of the ingested artifact content is described.
Audit Metadata