plan-execution
Pass
Audited by Gen Agent Trust Hub on Apr 29, 2026
Risk Level: SAFE
Findings: COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill flow requires the agent and subagents to run 'module test commands' (模块测试命令) derived from implementation plans or subagent reports. This functionality provides a surface for arbitrary shell command execution if the plan files are modified by an attacker.
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection as it processes untrusted implementation plan files and requirements documentation to build subagent instructions.
  - Ingestion points: Plan files stored in 'workplace/1.X/plan/' and requirement documents.
  - Boundary markers: The prompts use markdown headers and sections to organize data, but they lack explicit instructions to the subagents to ignore or bypass commands embedded within the input data.
  - Capability inventory: The skill allows file system modifications (creation of test files and directories) and shell command execution (running tests).
  - Sanitization: There is no evidence of validation or sanitization for content read from the plan files before it is interpolated into implementation or review prompts.
Audit Metadata