skills/nesnilnehc/ai-cortex/plan-next/Gen Agent Trust Hub

plan-next

Pass

Audited by Gen Agent Trust Hub on May 9, 2026

Risk Level: SAFE

PROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: Indirect Prompt Injection Surface (Category 8). The skill identifies the next steps by reading and analyzing the contents of project governance files, such as strategic goals, roadmaps, and task descriptions. This behavior creates a risk where malicious instructions placed within these documents could influence the agent's reasoning or the commands it suggests to the user.
      • Ingestion points: The skill scans various directories including 'docs/project-overview/', 'docs/process-management/', 'docs/requirements/', 'docs/tasks/', 'docs/architecture/adrs/', 'docs/designs/', and specification files.
      • Boundary markers: There are no explicit instructions within the skill to treat content from these files as untrusted or to ignore any embedded agent instructions.
      • Capability inventory: While the skill itself is read-only, it generates recommendations for running other tools (e.g., '/design-solution', '/breakdown-tasks'), creating a path for an injection to lead to action if followed by the user.
      • Sanitization: No sanitization or validation of the text content within the project documentation is performed.
Audit Metadata
Risk Level: SAFE
Analyzed: May 9, 2026, 11:15 AM