executing-plans
Pass
Audited by Gen Agent Trust Hub on Feb 18, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [Indirect Prompt Injection] (LOW): The skill is designed to load and execute external 'plan' files, creating a surface where untrusted data could influence agent behavior.
- Ingestion points: SKILL.md (Step 1: Load and Review Plan).
- Boundary markers: None specified to distinguish plan instructions from system boundaries.
- Capability inventory: The skill triggers the execution of tasks and verifications based on the plan content, which may involve other system-level tools or skills.
- Sanitization: No programmatic sanitization is defined, but the workflow mandates a critical review by a 'human partner' to identify concerns before starting.
Audit Metadata