auto-plan
Pass
Audited by Gen Agent Trust Hub on Jul 6, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill generates and executes shell commands (referred to as "validate commands") to verify individual build tasks. This is a central component of its planning and verification phase as described in Phase 1 and Phase 3 of the SKILL.md.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection as it ingests data from a project specification and the local repository to determine its actions.
- Ingestion points: The skill reads a user-provided specification file and the existing repository structure (Phase 0 in SKILL.md).
- Boundary markers: The instructions do not specify the use of delimiters or "ignore" instructions for the content of the specification or repository files when processing them into tasks.
- Capability inventory: The skill uses Bash, Read, Write, and Edit tools across multiple phases to create files and execute verification commands.
- Sanitization: There is no evidence of sanitization or validation of the input specification content before it is interpolated into task definitions and validate commands.
Audit Metadata