executing-plans
Fail
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: HIGH (PROMPT_INJECTION, COMMAND_EXECUTION)
Full Analysis
- Indirect Prompt Injection (HIGH): The skill is designed to ingest and execute instructions from a plan file. If this file is sourced from an untrusted location, an attacker could embed malicious commands. Ingestion points: SKILL.md Step 1 (Read plan file). Boundary markers: None; instructions state to follow each step exactly. Capability inventory: Step 2 (Run verifications, execute tasks) implies shell or filesystem access. Sanitization: None.
- Command Execution (MEDIUM): The skill requires executing tasks and verifications defined in the plan, allowing arbitrary code execution if the plan is compromised.
Recommendations
- AI detected serious security threats