project-planner
Pass
Audited by Gen Agent Trust Hub on Mar 26, 2026
Risk Level: SAFE PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill presents an attack surface for indirect prompt injection during the initial project analysis phase.
- Ingestion points: The skill explicitly instructs the agent to read and summarize files such as `README.md` and `CLAUDE.md` from the user's workspace to establish project scope.
- Boundary markers: The instructions do not define delimiters or defensive directives to ensure the agent distinguishes between its own task logic and potentially malicious instructions contained within the ingested files.
- Capability inventory: The agent is granted access to high-impact tools including `Write`, `WebFetch`, and task modification tools (`TaskCreate`, `TaskUpdate`), providing a means for an injection attack to modify the environment or exfiltrate data.
- Sanitization: No sanitization, validation, or structural checking is performed on the content retrieved from local codebase documentation.
Audit Metadata