plan-agent
Pass
Audited by Gen Agent Trust Hub on Jun 22, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill instructs the agent to use the
lscommand to verify the existence of a codebase map in the session's handoff directory. - [DATA_EXPOSURE]: The agent reads local codebase files and conversation context to generate planning documents. Output is written to local directories such as
thoughts/shared/plans/andthoughts/handoffs/. - [INDIRECT_PROMPT_INJECTION]: The skill processes untrusted input from the conversation context and external codebase files which could potentially contain malicious instructions.
- Ingestion points: The skill ingests 'Conversation context' and files identified by 'scout' agents (referenced in Step 2 and Step 3).
- Boundary markers: No explicit boundary markers or isolation instructions are provided within the skill to distinguish between system instructions and processed data.
- Capability inventory: The skill has the capability to spawn sub-agents (
scout), read files, write files, and execute basic shell commands (ls). - Sanitization: No sanitization or validation logic is specified for the data retrieved from the codebase or conversation history.
Audit Metadata