Skills
skills/verygoodopensource/vgv-wingspan/plan/Gen Agent Trust Hub

plan

Pass

Audited by Gen Agent Trust Hub on Apr 15, 2026

Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill runs local shell commands including ls, grep, and glob to perform codebase research and identify relevant implementation patterns.
  • [EXTERNAL_DOWNLOADS]: It utilizes integrated platform agents such as @official-docs-research-agent and @best-practices-research-agent to gather information from external documentation and best practice repositories.
  • [PROMPT_INJECTION]: The skill exhibits a surface for indirect prompt injection as it processes external content from user arguments and project files. However, this is consistent with its primary purpose as a planning tool.
  • Ingestion points: Processes $ARGUMENTS and local markdown files from the docs/brainstorm/ directory.
  • Boundary markers: User-provided feature descriptions are encapsulated within <feature_description> tags.
  • Capability inventory: Accesses the local file system via standard discovery commands and can trigger downstream workflows using commands like /build and /create-branch.
  • Sanitization: The skill does not perform explicit sanitization of ingested content before it is incorporated into the planning process.
Audit Metadata
Risk Level
SAFE
Analyzed
Apr 15, 2026, 04:46 PM