plan-parallel
Pass
Audited by Gen Agent Trust Hub on Apr 10, 2026
Risk Level: SAFE [PROMPT_INJECTION]
Full Analysis
- [PROMPT_INJECTION]: Indirect Prompt Injection Surface
  - Ingestion points: The skill ingests untrusted data via the `$ARGUMENTS` variable in the task block and by reading codebase files such as `backend-patterns-reference.md`, `frontend-patterns-reference.md`, and other files identified via the `/scout` command.
  - Boundary markers: The skill uses XML-like `<task>` tags to encapsulate user arguments, providing some structural separation.
  - Capability inventory: The skill uses tools like `TaskCreate` and `AskUserQuestion`, and invokes other skills via slash commands (`/scout`, `/plan-review`, `/plan-validate`). It explicitly restricts itself to planning and forbids code implementation.
  - Sanitization: No explicit sanitization or escaping of external content is described, but the workflow includes mandatory manual review by the user and automated validation via `/plan-review`.
Audit Metadata