writing-plans
Pass
Audited by Gen Agent Trust Hub on Jun 17, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
- [COMMAND_EXECUTION]: The skill relies on extensive shell command execution for its primary auditing functions. It provides specific commands using
find,grep,ls, andripgrep(rg) to analyze directory structures, find circular dependencies, and identify code patterns such as raw color values or barrel files. - [EXTERNAL_DOWNLOADS]: Several templates recommend using well-known development tools and security scanners via
npmornpx, includingBiome,Lighthouse,ts-prune,jscpd, andReact Doctor. These are used to validate code quality and accessibility as part of the plan execution phases. - [DATA_EXFILTRATION]: The skill includes instructions for the agent to search for hardcoded secrets, API keys, and environment variables (e.g.,
cat .env.local). However, these actions are explicitly scoped to the project's security audit methodology to help users identify risks in their own codebase. No network exfiltration patterns were detected. - [PROMPT_INJECTION]: The
goal-structure.mdfile uses XML-style tags (e.g.,<goal>,<context>,<mandatory_first_steps>) to provide structured instructions for the agent. This is a common design pattern for task-oriented agents and does not contain attempts to bypass safety filters or override system instructions. - [SAFE]: All identified behaviors align with the stated purpose of project management and software auditing. The external dependencies and tools referenced are standard industry utilities.
Audit Metadata