plan-dag
Pass
Audited by Gen Agent Trust Hub on May 17, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill processes data from GitHub issues to create visual dependency graphs. It includes a dedicated validation layer in `plan-dag-render.py` that checks for forbidden characters and structural integrity of the input data before rendering.
- [COMMAND_EXECUTION]: The skill invokes the `dot` utility from the Graphviz suite and the `node` runtime for rendering. These calls are made using `subprocess.run` with list-based arguments, which prevents shell injection by avoiding the use of a shell for execution.
- [EXTERNAL_DOWNLOADS]: The skill relies on standard tools like `graphviz` and `playwright`. These are well-known, reputable software packages commonly used for diagramming and browser automation. The installation instructions provided for the user follow best practices.
- [PROMPT_INJECTION]: No malicious prompt injection patterns were detected in the instructions or metadata. The skill instructions focus strictly on its stated purpose of assisting with project planning and visualization.
Audit Metadata