skills/kirkchen/beat/plan/Gen Agent Trust Hub

plan

Pass

Audited by Gen Agent Trust Hub on Apr 13, 2026

Risk Level: SAFE
PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The skill possesses an indirect prompt injection surface because it reads and processes externally-provided specification files (Markdown and Gherkin) to generate tasks and guide subagent reviews.
      • Ingestion points: Reads proposal.md, features/*.feature, design.md, and beat/config.yaml in Step 3.
      • Boundary markers: No specific delimiters or safety instructions are used to isolate the content of these artifacts when they are interpolated into prompts for task generation tools or subagents.
      • Capability inventory: The skill can write to tasks.md, execute git commands, and spawn review subagents.
      • Sanitization: No content validation or sanitization is performed on the input specification artifacts.
  • [COMMAND_EXECUTION]: The skill uses standard version control commands, specifically git add and git commit, to persist the generated task list and status updates.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 13, 2026, 09:21 AM