sn-research-planning
Pass
Audited by Gen Agent Trust Hub on Apr 29, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill's primary function is to transform a research request into a structured JSON execution plan. No evidence of malicious behavior such as prompt injection, data exfiltration, or obfuscation was found.
- [DATA_EXPOSURE_AND_EXFILTRATION]: All file operations are localized to the provided project directory (e.g., reading
request.mdand writingplan.json). No sensitive system paths or hardcoded credentials are referenced. - [INDIRECT_PROMPT_INJECTION]: While the skill processes untrusted user input from
request.md, it is a design requirement for its research function. The output is structured JSON, which limits the immediate risk of executing malicious instructions contained within the input. The capability surface is low, primarily involving data processing and structured output generation.
Audit Metadata