manual-planning

Pass

Audited by Gen Agent Trust Hub on May 8, 2026

Risk Level: SAFE (COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
  • [SAFE]: The skill implements a robust planning workflow with clear lifecycle states and mandatory human review. The 'Approval Gate' ensures that no implementation steps are executed without explicit user consent, mitigating risks associated with autonomous agent behavior.
  • [COMMAND_EXECUTION]: The skill directs the agent to define and run shell commands for validating tasks and performing pre-flight checks. Examples provided in templates include standard development tools such as cargo test, tsc, and bun run build.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection as it gathers context from the repository, but this risk is effectively managed by the user approval process.
  • Ingestion points: Repository context, including files, dependencies, and test surfaces (SKILL.md).
  • Boundary markers: Explicit 'Approval Gate' instruction: 'Implementation must not start until the user approves this plan' (SKILL.md, assets/simple-plan-template.md).
  • Capability inventory: Execution of shell commands for validation and integration checks (SKILL.md, assets/milestoned-plan-template.md).
  • Sanitization: No automated sanitization is specified; the security model relies on user review of the generated plan.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: May 8, 2026, 04:18 PM