skills/tstelzer/skills/ts-plan/Gen Agent Trust Hub

ts-plan

Pass

Audited by Gen Agent Trust Hub on Jun 29, 2026

Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because its core workflow involves reading and acting upon untrusted repository data (source code, documentation, and configuration files) that could contain malicious instructions.
  • Ingestion points: The LOAD_CONTEXT step explicitly reads source code, tests, docs, and AGENTS.md from the local environment.
  • Boundary markers: There are no instructions to use delimiters or to ignore potential instructions embedded within the ingested files.
  • Capability inventory: The skill has the capability to write new files to the filesystem and execute local shell commands.
  • Sanitization: No sanitization or filtering logic is specified for the repository content.
  • [COMMAND_EXECUTION]: The CHECK_GATES section instructs the agent to execute local command-line tools using no-op flags (e.g., --help, version checks, or dry-runs) to confirm they are available in the repository environment.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 29, 2026, 08:37 AM
Security Audit — agent-trust-hub — ts-plan