plan-hard

Pass

Audited by Gen Agent Trust Hub on Apr 29, 2026

Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill invokes local utility scripts using Node.js and Python (e.g., .claude/scripts/set-active-plan.cjs and .claude/scripts/code_graph) to manage project state and perform dependency tracing. These calls are restricted to the project's internal directory structure and are integral to the skill's codebase analysis functionality.
  • [PROMPT_INJECTION]: The skill is designed to ingest and analyze potentially untrusted data from external sources and project files, creating a surface for indirect prompt injection.
  • Ingestion points: Research results from WebSearch and WebFetch tools, as well as arbitrary project code read via grep or file-reading operations.
  • Boundary markers: Absent; the instructions do not specify the use of clear delimiters or isolation techniques when processing untrusted content.
  • Capability inventory: The agent has the authority to create tasks (TaskCreate), execute local scripts, and propose file modifications, though the latter is restricted by a 'PLANNING-ONLY' mandate.
  • Sanitization: Absent; the skill relies on the agent's internal reasoning and user confirmation rather than programmatic sanitization of external data.
Audit Metadata
Risk Level
SAFE
Analyzed
Apr 29, 2026, 09:18 AM
Security Audit — agent-trust-hub — plan-hard