executing-plans
Pass
Audited by Gen Agent Trust Hub on Mar 2, 2026
Risk Level: SAFE PROMPT_INJECTION NO_CODE
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it executes instructions sourced from external implementation plans.
  - Ingestion points: Plan data is ingested from a file in 'Step 1: Load and Review Plan'.
  - Boundary markers: The skill does not define or use explicit delimiters or markers to isolate external plan content from the agent's system instructions.
  - Capability inventory: The workflow involves executing tasks and running verifications, which frequently requires shell command execution or direct code modification capabilities.
  - Sanitization: The skill relies on a manual 'critical review' by the agent rather than automated input sanitization or validation routines.
- [NO_CODE]: The skill consists entirely of instructional Markdown content and does not bundle any scripts, binaries, or automated installation logic.
- [SAFE]: No evidence of hardcoded credentials, data exfiltration, or obfuscation was found. The skill includes explicit safety instructions, such as prohibiting implementation on the main branch without user consent.