executing-plans
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFEPROMPT_INJECTIONNO_CODE
Full Analysis
- PROMPT_INJECTION (LOW): Detected potential for indirect prompt injection through data ingestion.
- Ingestion points: The skill instructions explicitly require reading external plan files in 'Step 1: Load and Review Plan'.
- Boundary markers: No specific boundary delimiters or safety markers (e.g., XML tags or 'ignore' instructions) are defined for the plan content.
- Capability inventory: The skill allows for task execution which includes using sub-skills like 'TodoWrite' and 'finishing-a-development-branch' based on instructions found in the plan.
- Sanitization: No sanitization or validation of the plan content is performed prior to execution beyond a manual 'critical review' by the agent.
- NO_CODE (SAFE): The skill consists entirely of instructional markdown and does not contain or download any executable scripts or code.
Audit Metadata