executing-plans

Pass

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION] (LOW): The skill is susceptible to indirect prompt injection through external plan ingestion.
    • Ingestion points: Step 1 in SKILL.md directs the agent to read an external plan file.
    • Boundary markers: Absent; there are no instructions to use delimiters or ignore instructions within the plan that contradict safety rules.
    • Capability inventory: The skill is used for development tasks, which typically imply file system modification and command execution capabilities.
    • Sanitization: Absent; the skill directs the agent to 'follow each step exactly' without prior validation or sanitization of the plan's content.
Audit Metadata
Risk Level: SAFE
Analyzed: Feb 17, 2026, 06:17 PM