validation-plan-artifacts
Pass
Audited by Gen Agent Trust Hub on Mar 18, 2026
Risk Level: SAFE PROMPT_INJECTION COMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill processes untrusted data from project artifacts, creating a surface for indirect prompt injection.
  - Ingestion points: The skill reads and understands external files such as requirements.md, data-model.md, and contracts/api.yaml (SKILL.md, Step 1).
  - Boundary markers: There are no explicit delimiters or instructions defined to isolate the content of the artifacts being reviewed from the agent's instruction set.
  - Capability inventory: The skill has the capability to run a local Python script (scripts/check-artifacts.py) to perform automated validation on files.
  - Sanitization: No sanitization or validation of the input data is performed before it is processed by the agent or passed to the validation script.
- [COMMAND_EXECUTION]: The skill executes a local Python script as part of its automated validation workflow.
  - Execution method: The skill instructions in references/PHASE-CHECKLISTS.md specify running 'python scripts/check-artifacts.py' on local files.
  - Functional purpose: The script identifies unresolved markers, validates traceability, and checks for PII sensitivity annotations.
  - Security context: This is a legitimate functional capability provided by the skill author for document linting and does not require elevated privileges or external connectivity.