executing-plans
Pass
Audited by Gen Agent Trust Hub on Mar 1, 2026
Risk Level: SAFE PROMPT_INJECTION NO_CODE
Full Analysis
- [PROMPT_INJECTION]: The skill defines a process for the agent to load and follow external implementation plans, which introduces a potential surface for indirect prompt injection. If an adversary provides a malicious plan, it could attempt to manipulate the agent's behavior during execution.
  * Ingestion points: External plan files are loaded and reviewed in Step 1.
  * Boundary markers: The skill does not define explicit delimiters or instructions to disregard embedded commands in the plans, though it mandates a critical review.
  * Capability inventory: The agent is tasked with implementing plan steps and running verifications, which typically involves shell access and file operations.
  * Sanitization: No sanitization or strict schema validation is described for the content of the plans.
- [NO_CODE]: This skill consists exclusively of markdown-based instructions and metadata; it does not contain any executable scripts, binaries, or source code for direct analysis.
Audit Metadata