plan-review
Pass
Audited by Gen Agent Trust Hub on Apr 11, 2026
Risk Level: SAFE
PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
- [COMMAND_EXECUTION]: Executes a shell command ('ls -t ai-workspace/plans/*.md | grep -v ".done.md" | head -1') to identify the most recent plan file within a specific workspace directory.
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection as it ingests and processes untrusted markdown content from project plan files.
  - Ingestion points: Reads the full body text of markdown files from the 'ai-workspace/plans/' directory (SKILL.md).
  - Boundary markers: No delimiters or 'ignore embedded instructions' warnings are implemented when passing plan content to review agents.
  - Capability inventory: The skill uses an 'Agent tool' to trigger parallel tasks in other agents and executes shell commands to list files.
  - Sanitization: There is no evidence of sanitization, escaping, or validation of the plan content before it is processed or passed to sub-agents.