skills/antinomyhq/forge/execute-plan/Gen Agent Trust Hub

execute-plan

Pass

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: SAFE
PROMPT_INJECTION · DATA_EXFILTRATION · COMMAND_EXECUTION · NO_CODE
Full Analysis
  • [PROMPT_INJECTION] (LOW): Use of behavioral forcing and mandatory recitation. The skill requires the agent to pledge 'I will execute this plan to completion,' which creates an instructional override that may cause the agent to prioritize following the plan over safety guidelines.
  • [DATA_EXFILTRATION] (LOW): Potential for unauthorized file access. The agent is instructed to read files from paths like 'plans/*.md', which could be exploited to read or reveal sensitive files if the path naming is manipulated or if sensitive data is stored in the target directory.
  • [INDIRECT_PROMPT_INJECTION] (LOW): Significant attack surface in processed plan files.
      1. Ingestion points: External markdown files from the 'plans/' directory (SKILL.md).
      2. Boundary markers: Absent; no delimiters are used to separate plan content from system instructions.
      3. Capability inventory: The skill grants broad permissions to 'Execute all actions required' and perform file-write operations to track status.
      4. Sanitization: Absent; the content of the plan file is not validated or sanitized before execution.
Audit Metadata
Risk Level: SAFE
Analyzed: Feb 17, 2026, 06:09 PM