foundation-prioritized-action-plan
Pass
Audited by Gen Agent Trust Hub on Jun 12, 2026
Risk Level: SAFE
Full Analysis
- [PROMPT_INJECTION]: The skill includes explicit instructions to resist 'High-confidence' labels for complex or chaotic situations, acting as a built-in safety filter against over-confident or misleading AI outputs.
- [DATA_EXPOSURE]: File access is limited to what the user explicitly provides or what the client environment (like Claude Code) allows. There are no patterns of silent data exfiltration or hardcoded credentials.
- [INDIRECT_PROMPT_INJECTION]: The skill processes untrusted user input (transcripts, notes) and interpolates it into prompts for downstream skills. While this presents a theoretical injection surface, the skill mitigates this through a mandatory 'source ledger' requirement (exact substrings only) and a multi-section document structure that allows for user review before any recommended prompts are executed.
- [COMMAND_EXECUTION]: The skill does not execute arbitrary shell commands. It manages tool-chaining by recommending specific 'Tier 1' or 'Tier 2' skills from a local catalog and provides a governed handoff mechanism to an orchestrator skill, which requires explicit user confirmation by default.
Audit Metadata