executing-plans
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- PROMPT_INJECTION (LOW): The skill possesses a surface for indirect prompt injection (Category 8).
  - Ingestion points: The agent is directed to 'Read plan file' as the first step of its process.
  - Boundary markers: Absent; there are no instructions to use delimiters or to treat the plan content as untrusted data separate from the agent's core instructions.
  - Capability inventory: The skill empowers the agent to 'Execute tasks', 'Follow each step exactly', and 'Run verifications', which could lead to unauthorized actions if the plan file contains malicious commands.
  - Sanitization: Absent; no validation, escaping, or filtering of the external plan content is performed before execution.
Audit Metadata