ts-workflow-plan-review
Pass
Audited by Gen Agent Trust Hub on Jun 29, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill orchestrates a multi-step agent workflow with explicit isolation measures. It mandates that sub-agents start with a fresh context, preventing the leakage of sensitive data or malicious instructions across sessions. Additionally, it ensures that sub-agents are terminated after their task returns a status line, preventing unauthorized persistence or resource consumption.
- [PROMPT_INJECTION]: The skill has an inherent surface for indirect prompt injection as it ingests and processes user requests and automated review findings.
- Ingestion points: The workflow captures the 'Source request' in the
CREATE_LOGphase and reads 'Open Findings' during theROUTE_NEXT_PASSphase inSKILL.md. - Boundary markers: While the prompts for sub-agents use clear structural markers like markdown blocks, they lack specific instructions to ignore potentially malicious embedded content within the ingested request or findings.
- Capability inventory: The skill utilizes the
ts-logskill for file/log management and dispatches sub-agents for planning (ts-plan) and review (ts-review) tasks. - Sanitization: No explicit sanitization, escaping, or schema validation is applied to the source request or review findings before they are interpolated into the prompts for the planning and review judges.
Audit Metadata