validation-plan-artifacts
Fail
Audited by Gen Agent Trust Hub on Feb 25, 2026
Risk Level: CRITICAL (COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
- [COMMAND_EXECUTION]: The skill executes a local Python script, scripts/check-artifacts.py, to perform automated checks on planning artifacts. The script uses standard libraries to search for unresolved placeholders and PII markers within local markdown files. It does not perform network requests or execute external code.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection (Category 8) because its primary function is to process untrusted external data.
- Ingestion points: The agent is instructed to read and analyze documentation artifacts such as requirements.md, data-model.md, and research.md (as specified in SKILL.md).
- Boundary markers: The instructions do not define clear delimiters or "ignore embedded instructions" directives for the content of the analyzed artifacts.
- Capability inventory: The agent can execute the check-artifacts.py script and generates structured review reports based on the data it ingests.
- Sanitization: There is no evidence of sanitization or filtering of the artifact content before it is processed by the LLM, creating a surface for embedded instructions to influence the agent's review verdict.
Recommendations
- Contains 1 malicious URL(s) - DO NOT USE
Audit Metadata