st-create-plan

Pass

Audited by Gen Agent Trust Hub on Jun 14, 2026

Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill instructs the agent to follow instructions contained in external hook files, creating a surface for indirect prompt injection.
      • Ingestion points: Content is read from <root>/config/hooks/PRE_PLAN.md and <root>/config/hooks/POST_PLAN.md as described in SKILL.md.
      • Boundary markers: Absent. The skill explicitly directs the agent to "execute the instructions it contains" without providing context delimiters or warnings to ignore embedded commands.
      • Capability inventory: The agent has the ability to traverse the file system (via scripts/find-strikethroo-root.cjs), read project configuration, and write new markdown files to the repository.
      • Sanitization: Absent. There is no validation or filtering of the content within the hook files before the agent is prompted to follow its instructions.
Audit Metadata
Risk Level: SAFE
Analyzed: Jun 14, 2026, 02:12 PM
Security Audit — agent-trust-hub — st-create-plan