ts-workflow-plan-review

Pass

Audited by Gen Agent Trust Hub on Jun 29, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: The skill orchestrates a multi-step agent workflow with explicit isolation measures. It mandates that sub-agents start with a fresh context, preventing the leakage of sensitive data or malicious instructions across sessions. Additionally, it ensures that sub-agents are terminated after their task returns a status line, preventing unauthorized persistence or resource consumption.
  • [PROMPT_INJECTION]: The skill has an inherent surface for indirect prompt injection as it ingests and processes user requests and automated review findings.
  • Ingestion points: The workflow captures the 'Source request' in the CREATE_LOG phase and reads 'Open Findings' during the ROUTE_NEXT_PASS phase in SKILL.md.
  • Boundary markers: While the prompts for sub-agents use clear structural markers like markdown blocks, they lack specific instructions to ignore potentially malicious embedded content within the ingested request or findings.
  • Capability inventory: The skill utilizes the ts-log skill for file/log management and dispatches sub-agents for planning (ts-plan) and review (ts-review) tasks.
  • Sanitization: No explicit sanitization, escaping, or schema validation is applied to the source request or review findings before they are interpolated into the prompts for the planning and review judges.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 29, 2026, 08:37 AM
Security Audit — agent-trust-hub — ts-workflow-plan-review