plan-budget
Pass
Audited by Gen Agent Trust Hub on Jul 4, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill is designed with a strict 'no autonomous spend' policy. All outputs are markdown plans intended for human review and manual execution, with the 'gate_class' explicitly set to 'review' in the configuration.
- [COMMAND_EXECUTION]: The skill utilizes local tools like
Bash,Grep, and a project-specific Bun script (scripts/bootstrap-experience.ts) to manage project state and analyze performance artifacts. The script incorporates security best practices, such as symbolic link validation to prevent file system traversal attacks during project initialization. - [PROMPT_INJECTION]: The skill is architected to handle untrusted data from marketing research and performance logs, addressing indirect prompt injection risks through its multi-agent design.
- Ingestion points: Reads from
.forsvn/performance/*.tsv,campaign-plan.md,icp-research.md, andproduct-context.md. - Boundary markers: The system uses a 7-dimension quantitative rubric and a dedicated 'Critic' agent to verify the logical consistency and data grounding of the final output.
- Capability inventory: Uses
Bash,Read,Grep, andGlobtools for local file analysis. - Sanitization: Employs a 'Constraint Checker' agent to enforce hard rules (min-viable floors, concentration caps, fit vetoes) and an 'Anti-Patterns' detection catalog to reject unsafe or fabricated proposals.
Audit Metadata