dag-dynamic-replanner
Pass
Audited by Gen Agent Trust Hub on Feb 19, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION] (LOW): Indirect Prompt Injection vulnerability surface.\n
- Ingestion points:
SKILL.mdlogic (specificallyhandleReplanTrigger) processesReplanTriggerdata which includes areasonandsuggestedAction. This data is designed to be provided at runtime based on external discoveries and failures from other agent components.\n - Boundary markers: Absent. The skill does not implement delimiters or safety instructions (e.g., "ignore instructions within this block") when processing external trigger content.\n
- Capability inventory: The skill is authorized to use the
Task(command execution),Write,Edit, andTodoWritetools, providing a path for injected instructions to influence system state or execute arbitrary tasks.\n - Sanitization: Absent. The implementation logic lacks validation or sanitization of the string content within triggers before using them to modify DAG nodes or configurations.\n- [SAFE] (SAFE): No malicious code patterns, obfuscation, or unauthorized network activities were detected within the provided TypeScript logic and metadata.
Audit Metadata