executing-plans
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE, PROMPT_INJECTION, NO_CODE
Full Analysis
- Indirect Prompt Injection (LOW): The skill acts as an execution engine for external 'plan' files, which constitutes a significant surface for indirect prompt injection.
  - Ingestion points: Step 1 ('Load and Review Plan') specifically directs the agent to read an external file from its environment.
  - Boundary markers: Absent. There are no instructions to the agent to treat the plan content as data rather than instructions, nor are there delimiters to prevent the plan from overriding the agent's primary safety guidelines.
  - Capability inventory: The skill grants the agent permission to 'Execute Batch' tasks, 'Follow each step exactly', and 'Run verifications', which often involve high-privilege actions like shell command execution or file system modification.
  - Sanitization: Absent. The 'critical review' mentioned in Step 1 focuses on technical gaps rather than security validation or instruction filtering.