manage-issue-plan
Pass
Audited by Gen Agent Trust Hub on Apr 17, 2026
Risk Level: SAFE, PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it interpolates untrusted content from the '.workflow/issues/issues.jsonl' file directly into the prompt for the planning tool. A malicious issue entry could influence the generated solution or attempt to override the agent's instructions.
  - Ingestion points: The skill reads issue data from '.workflow/issues/issues.jsonl' in Step 1.
  - Boundary markers: No delimiters or protective instructions are used to isolate untrusted data in the prompt template built in Step 2.
  - Capability inventory: The skill utilizes 'exec_command' to run planning tools and 'Write' to modify project files.
  - Sanitization: There is no evidence of sanitization or escaping for the natural language content extracted from the issues file.
- [COMMAND_EXECUTION]: The skill executes external CLI tools via 'exec_command'. It implements a security best practice by writing input data to a temporary file and referencing it in the command string via '$(cat ...)', effectively preventing shell command injection attacks that might target the command parsing logic.
Audit Metadata