plan-interview
Pass
Audited by Gen Agent Trust Hub on May 17, 2026
Risk Level: SAFE (findings: PROMPT_INJECTION, EXTERNAL_DOWNLOADS)
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection as it processes untrusted project files to drive planning and autonomous execution.
  - Ingestion points: The agent is instructed to read README.md, AGENTS.md, and other codebase files to understand architecture and conventions during the exploration phase (SKILL.md).
  - Boundary markers: The instructions do not define delimiters or markers to isolate the content of these files from the agent's instructions, which could allow embedded malicious prompts to influence behavior.
  - Capability inventory: The skill has the capability to write files (planning documents in docs/plans/) and is explicitly instructed to 'Auto-start implementation immediately' once a plan is approved, which involves making direct changes to the codebase (SKILL.md).
  - Sanitization: The process lacks validation or sanitization of ingested content before it is used to formulate implementation steps.
- [EXTERNAL_DOWNLOADS]: The skill can be triggered to fetch content from external network locations provided by the user.
  - Evidence: During the 'Knowledge Audit', the agent is instructed to load user-provided references, such as documentation URLs or API specifications, if they are needed to fill knowledge gaps before planning (SKILL.md).