executing-plans
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE PROMPT_INJECTION NO_CODE
Full Analysis
- [Prompt Injection] (LOW): The skill is designed to ingest and follow instructions from a 'plan file', which is a vector for Indirect Prompt Injection. The risk is managed by procedural guardrails including critical review and reporting.
  - Ingestion points: Plan file loaded in Step 1.1.
  - Boundary markers: None; the skill does not use delimiters to wrap the untrusted plan content.
  - Capability inventory: Task execution and verification (Step 2) which typically involves shell command execution in a dev environment.
  - Sanitization: None; the skill relies on the agent's ability to 'Review critically' (Step 1.2) and the 'Report' loop (Step 3) for human oversight.
- [No Code] (SAFE): This skill contains no executable scripts (.py, .js, .sh), only Markdown instructions and YAML metadata.
Audit Metadata