accessibility-planner-playbook
Pass
Audited by Gen Agent Trust Hub on Jun 18, 2026
Risk Level: SAFE
Full Analysis
- Indirect Prompt Injection Surface: The skill is designed to process external data, such as Project Requirement Documents (PRDs) and user input, which creates a potential surface for indirect prompt injection. \n
- Ingestion Points: The skill ingests data through various entry modes (e.g., from-prd, from-brd) described in capture-coaching.md. \n
- Boundary Markers: The playbook relies on explicit human confirmation at phase boundaries rather than fully autonomous execution. \n
- Capability Inventory: The skill generates local state files and work items via platform-specific tools for Azure DevOps and GitHub. \n
- Sanitization: A "Content Sanitization Protocol" is specified in backlog-handoff.md to be performed before any content is emitted to external systems, mitigating the risk of processing malicious instructions. \n- Local File Interaction: The skill reads and writes state and artifacts within the .copilot-tracking/ directory to maintain project continuity. \n
- Evidence: References to file paths under .copilot-tracking/ are found in backlog-handoff.md and impact-assessment.md. \n
- Context: This interaction is restricted to a dedicated workspace folder and follows standard practices for state management in planning agents.
Audit Metadata