planr-status
Pass
Audited by Gen Agent Trust Hub on Mar 18, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill directs the agent to execute a local command-line tool located at
./.planr/tooling/planr. It uses various subcommands such asstatus show,open,next,ensure-scope,set-checklist,set-blocker, andset-verificationto retrieve and manage task states. This execution of local binaries is a core component of the skill's functionality. - [PROMPT_INJECTION]: The skill evaluates information from files like
.planr/status/current.json,.planr/plans/*.plan.md, and Git diff outputs. This creates a surface for indirect prompt injection if an attacker can influence the content of these files within the repository. - Ingestion points: The agent reads status JSON files, markdown plan files, and Git diffs from the local repository.
- Boundary markers: The instructions do not specify the use of delimiters or explicit directives to ignore embedded instructions within these processed data sources.
- Capability inventory: The skill can execute the
./.planr/tooling/planrCLI tool and recommend transitions to other skills likeplanr-fixorplanr-review. - Sanitization: There are no explicit instructions for content sanitization, validation, or escaping of the data ingested from the plan and status files.
Audit Metadata