plan-to-task-list-with-dag

Pass

Audited by Gen Agent Trust Hub on Apr 1, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: The skill is designed for the legitimate purpose of project planning and task decomposition. It includes explicit guardrails to prevent direct implementation and ensures that all generated tasks are grounded in actual repository structure.
  • [DATA_EXPOSURE_AND_EXFILTRATION]: The skill uses filesystem tools (Read, Glob, Grep) to explore the local codebase for planning purposes. Writing is restricted to the .ulpi/plans/ directory to store markdown and JSON artifacts. No network exfiltration or sensitive file access was identified.
  • [COMMAND_EXECUTION]: The skill uses the Skill tool to invoke the codemap skill for semantic search, which is a standard pattern for multi-skill orchestration. It does not execute arbitrary shell commands.
  • [INDIRECT_PROMPT_INJECTION]: The skill processes untrusted input from the user ($request) and repository files (via Read). However, it mitigates risk through a mandatory 'Step 0' that uses AskUserQuestion to challenge scope and confirm the planning mode with the user before proceeding.
    • Ingestion points: The $request argument and repository file content read during Step 1.
    • Boundary markers: None explicitly used for reading file content.
    • Capability inventory: Filesystem writes via Write and TodoWrite tools, and calling other skills via the Skill tool.
    • Sanitization: None detected in the static instructions, but the output is restricted to non-executable documentation formats (Markdown and JSON).
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Apr 1, 2026, 06:52 PM