rpi-plan
Pass
Audited by Gen Agent Trust Hub on Jun 26, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- Indirect Prompt Injection Surface: The skill is designed to ingest research artifacts and user requirements to generate structured implementation plans. This workflow creates a surface where instructions embedded in input data could potentially influence the planning logic.
- Ingestion points: Research artifacts are read from the
.copilot-tracking/research/directory as specified inSKILL.md. - Boundary markers: The instructions do not define explicit boundary markers or 'ignore instructions' headers for the ingested research content.
- Capability inventory: The skill has the capability to write files to the
.copilot-tracking/directory and invoke internal subagents like the Researcher and Plan Validator. - Sanitization: No explicit sanitization or filtering of input research data is documented before processing.
- Controlled File Access: The skill strictly limits its write operations to designated tracking directories, which minimizes the risk of unintended modification of core project files.
- Evidence: Constraints in
SKILL.mdlimit writing to specific subdirectories within.copilot-tracking/such as plans, logs, details, and research.
Audit Metadata