request-plan-review

Pass

Audited by Gen Agent Trust Hub on Jun 19, 2026

Risk Level: SAFE (COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION)
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses command -v to detect the presence of local command-line tools like claude, gemini, codex, opencode, and qwen. It subsequently dispatches subagents to execute these detected CLIs to perform automated reviews of the source markdown.
  • [EXTERNAL_DOWNLOADS]: The generated HTML review page is configured to fetch client-side libraries for syntax highlighting, diagram rendering, and visual annotations from well-known and trusted CDNs, including ESM.sh, JSDelivr, and Unpkg.
  • [PROMPT_INJECTION]: The skill presents an indirect prompt injection surface through its markdown processing workflow.
      • Ingestion points: The skill reads user-provided or agent-generated markdown plan files from the local filesystem.
      • Boundary markers: The buildReviewPrompt utility in scripts/review-utils.mjs interpolates the full markdown content into a review prompt without utilizing defensive delimiters or specific 'ignore' instructions for the reviewer subagents.
      • Capability inventory: The tool possesses capabilities for file system writes (docs/request-plan-review/), command execution (command -v, open), and the ability to trigger external CLI tools via subagents.
      • Sanitization: There is no evidence of filtering or escaping performed on the markdown content before it is processed by the reviewer agents.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Jun 19, 2026, 11:11 AM