Skills
skills/knowlet/claude-acpx/plan-acpx/Gen Agent Trust Hub

plan-acpx

Pass

Audited by Gen Agent Trust Hub on Mar 30, 2026

Risk Level: SAFECOMMAND_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill utilizes the acpx command-line tool to manage sessions and facilitate external audits of implementation plans.\n- [DATA_EXFILTRATION]: Local plan contents and role definitions are sent to an external service (Codex) via the acpx tool for the purpose of automated auditing. This is an intended part of the skill's primary functionality.\n- [PROMPT_INJECTION]: The skill processes user-supplied plan files, which presents a surface for indirect prompt injection. This is mitigated by the structured workflow and the requirement to stop and seek user guidance after a set number of audit cycles.\n
  • Ingestion points: Reads a plan file if provided as a path in the initial argument (SKILL.md).\n
  • Boundary markers: None explicitly defined for file content interpolation.\n
  • Capability inventory: Executes shell commands via the acpx tool and reads/writes local files (SKILL.md).\n
  • Sanitization: Includes explicit instructions to sanitize secrets before including file contents in prompts.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 30, 2026, 09:10 AM