plan-b
Warn
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: MEDIUM (PROMPT_INJECTION)
Full Analysis
- [PROMPT_INJECTION] (MEDIUM): Vulnerability to Indirect Prompt Injection.
- Ingestion points: Workflow step 1 (SKILL.md) instructs the agent to 'Scan context quickly', 'Read README.md and obvious docs', and 'Skim relevant files'.
- Boundary markers: Absent; the instructions do not define delimiters or isolation markers for content read from the file system.
- Capability inventory: The skill is designed to 'Spawn subagents' and 'synthesize a single best plan'; it does not request network, file-write, or shell execution permissions within its own logic.
- Sanitization: Absent; content read from external files is interpolated directly into the context used by subagents and the final synthesis step.
- Risk: Malicious instructions embedded in scanned project files could manipulate the planning subagents or the final synthesized output, leading to the generation of unsafe or compromised coding tasks.
Audit Metadata