auto-plan

Pass

Audited by Gen Agent Trust Hub on Jul 6, 2026

Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill generates and executes shell commands (referred to as "validate commands") to verify individual build tasks. This is a central component of its planning and verification phase as described in Phase 1 and Phase 3 of the SKILL.md.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection as it ingests data from a project specification and the local repository to determine its actions.
  • Ingestion points: The skill reads a user-provided specification file and the existing repository structure (Phase 0 in SKILL.md).
  • Boundary markers: The instructions do not specify the use of delimiters or "ignore" instructions for the content of the specification or repository files when processing them into tasks.
  • Capability inventory: The skill uses Bash, Read, Write, and Edit tools across multiple phases to create files and execute verification commands.
  • Sanitization: There is no evidence of sanitization or validation of the input specification content before it is interpolated into task definitions and validate commands.
Audit Metadata
Risk Level
SAFE
Analyzed
Jul 6, 2026, 09:15 AM
Security Audit — agent-trust-hub — auto-plan