NYC

planning-and-task-breakdown

Fail

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: HIGH
PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION] (HIGH): The skill establishes a high-severity indirect prompt injection surface by combining untrusted data ingestion with execution capabilities.
    • Ingestion points: The skill explicitly instructs the agent to read external 'specs' and existing codebase sections during the planning phase (Step 1).
    • Boundary markers: Absent. There are no instructions to use delimiters or ignore instructions embedded within the external specifications.
    • Capability inventory: The skill template includes the execution of shell commands such as 'npm test' and 'npm run build' as part of the task verification process.
    • Sanitization: Absent. No filtering or validation logic is proposed for the content of the specifications before they are used to generate implementation plans.
  • [COMMAND_EXECUTION] (LOW): The skill methodology utilizes standard development commands like 'npm test' and 'npm run build'. While these are legitimate tools, they represent the exploitable capability required to complete the indirect prompt injection attack chain.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
Feb 16, 2026, 09:26 PM