universal-planner

Pass

Audited by Gen Agent Trust Hub on Mar 25, 2026

Risk Level: SAFE
Finding categories: COMMAND_EXECUTION
Full Analysis
  • [SAFE]: The skill implements a strict 'Mode Boundary' (Rule 1) between PLAN and EXECUTE modes, ensuring that planning activities do not trigger code execution and implementation activities do not modify architectural strategy. This separation follows the principle of least privilege during the planning phase. All output is directed to a deterministic staging directory (.agents/staging/universal-planner/).
  • [COMMAND_EXECUTION]: The skill utilizes the Bash tool for running project-specific verification commands and task implementation. This is documented as a primary feature of the 'EXECUTE' mode and is subject to user oversight through defined task structures and verification gates. Verification commands are intended to be generated by the agent based on the specific project context, providing a transparent implementation path.
  • [DATA_EXFILTRATION]: No unauthorized network operations or exfiltration patterns to external domains were identified. All URLs found in the skill metadata and documentation point to the vendor's official GitHub repositories, documentation sites, or standard JSON schema registries (json-schema.org). The skill instructions prioritize local configuration resolution over external data fetching.
  • [PROMPT_INJECTION]: The instructions focus on structured workflows, adaptive mode detection, and professional quality standards. There are no attempts to bypass safety filters, extract system prompts, or override platform-level constraints. Rules such as 'RULE 7 — CONVENTIONS ARE NON-NEGOTIABLE' are used to maintain project consistency within the SDLC workflow.
  • [INDIRECT_PROMPT_INJECTION]: The skill has a natural ingestion surface for indirect prompt injection as it reads existing codebases to discover conventions (discovery/CONVENTIONS.md). However, it mitigates risk by using structured Markdown templates and requiring explicit analysis of existing patterns before implementation. This exposure is typical for developer-focused agents and is handled with appropriate instructional boundaries.
  • [EXTERNAL_DOWNLOADS]: The skill does not perform remote code downloads (e.g., curl|bash) or install unverifiable dependencies. It relies on internal Markdown assets and the agent's native tools to perform its functions.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Mar 25, 2026, 02:37 PM
Security Audit — agent-trust-hub — universal-planner