create-plan

Pass

Audited by Gen Agent Trust Hub on Mar 20, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: The skill defines a workflow for generating implementation plans. It uses existing agent capabilities for codebase exploration (Grep, Glob) and performs basic file operations (move, remove directory) within specified local paths. The instructions for handling files in the _/ directory are documented as a way to manage environment-specific prompts and do not represent a security bypass or privilege escalation.
  • [PROMPT_INJECTION]: The skill ingests user input to define task descriptions, which serve as the basis for planning and research. This is an inherent surface for indirect prompt injection; because it is the skill's primary intended function and its capabilities are limited to local planning tasks, the risk is considered low and the implementation is categorized as safe.
    • Ingestion points: Task descriptions provided via user arguments in SKILL.md.
    • Boundary markers: None specified; the agent is instructed to use the input directly as the task context.
    • Capability inventory: File system access through codebase search tools and limited file management commands (mv, rmdir) for the generated plans.
    • Sanitization: No explicit input validation or escaping is applied to the user-provided task descriptions.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 20, 2026, 12:07 PM
Security Audit — agent-trust-hub — create-plan