plans-and-specs

Pass

Audited by Gen Agent Trust Hub on Jun 18, 2026

Risk Level: SAFEPROMPT_INJECTIONNO_CODE
Full Analysis
  • [PROMPT_INJECTION]: The skill facilitates an indirect prompt injection surface via the planned workflow where 'specs' are expanded inline into the agent context using the readPlan tool. If a spec contains adversarial instructions, the agent may follow them upon retrieval.
  • Ingestion points: User-provided content for plans and specifications entered via the workflow tools.
  • Boundary markers: No delimiters or protective instructions are specified to prevent the agent from obeying instructions embedded within the specs.
  • Capability inventory: The skill utilizes tools for file and workflow management (createPlan, createSpec, readPlan, appendSpec, markPlanDone).
  • Sanitization: No content validation or sanitization of user-provided documentation is mentioned.
  • [NO_CODE]: This skill is comprised entirely of markdown instructions and YAML frontmatter. No scripts, binaries, or other executable assets were found.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 18, 2026, 11:10 PM
Security Audit — agent-trust-hub — plans-and-specs