plan-execution
Pass
Audited by Gen Agent Trust Hub on Apr 21, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill exhibits a surface for indirect prompt injection (Category 8) as it processes data from PRD files that may contain instructions designed to manipulate the agent's behavior.
- Ingestion points: The agent reads PRD files from
docs/planning/prds/in Step 1. - Boundary markers: No specific delimiters or instructions to ignore embedded commands are present in the skill definition.
- Capability inventory: The skill is authorized to search the codebase (Glob/Grep), create directories and files in
docs/planning/plans/, and modify existing PRD file frontmatter. - Sanitization: No sanitization or validation of the PRD content is performed before it is used to guide the search and planning phases.
- [COMMAND_EXECUTION]: The skill workflow requires the agent to execute search commands (Glob/Grep) to verify file paths and identify related components. While intended for context gathering, these commands are driven by input parsed from the PRD files.
Audit Metadata