plan-two
Pass
Audited by Gen Agent Trust Hub on Apr 10, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill processes user-provided task descriptions through the `$ARGUMENTS` variable and reads codebase files via the `scout` agent. This creates a surface for indirect prompt injection where malicious instructions embedded in the task or codebase could attempt to influence the agent. However, the skill mitigates this through a mandatory planning-only constraint and explicit human-in-the-loop validation steps (`/plan-review` and `/plan-validate`).
- [COMMAND_EXECUTION]: The skill instructs the agent to create directories and tasks using the `TaskCreate` tool. These are standard project management operations within the agent environment and do not involve the execution of arbitrary or elevated shell commands.
- [SAFE]: The skill contains explicit prohibitions against implementing or executing code changes (`DO NOT implement or execute any code changes`), focusing entirely on the research and documentation phase of development.
Audit Metadata