plans-and-specs
Pass
Audited by Gen Agent Trust Hub on Jun 18, 2026
Risk Level: SAFEPROMPT_INJECTIONNO_CODE
Full Analysis
- [PROMPT_INJECTION]: The skill facilitates an indirect prompt injection surface via the planned workflow where 'specs' are expanded inline into the agent context using the readPlan tool. If a spec contains adversarial instructions, the agent may follow them upon retrieval.
- Ingestion points: User-provided content for plans and specifications entered via the workflow tools.
- Boundary markers: No delimiters or protective instructions are specified to prevent the agent from obeying instructions embedded within the specs.
- Capability inventory: The skill utilizes tools for file and workflow management (createPlan, createSpec, readPlan, appendSpec, markPlanDone).
- Sanitization: No content validation or sanitization of user-provided documentation is mentioned.
- [NO_CODE]: This skill is comprised entirely of markdown instructions and YAML frontmatter. No scripts, binaries, or other executable assets were found.
Audit Metadata