phase-running
Pass
Audited by Gen Agent Trust Hub on Mar 10, 2026
Risk Level: SAFE COMMAND_EXECUTION PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes 'automated verification' commands defined in the 'Success Criteria' section of an external plan file. This intended functionality allows the agent to run arbitrary commands based on data provided in the plan file.
- [COMMAND_EXECUTION]: A hook script ${CLAUDE_PLUGIN_ROOT}/hooks/plan_checkbox_reminder.py is executed locally after file modifications. This is a vendor-managed resource used for internal automation within the plugin environment.
- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface because it reads and follows instructions from external plan files, which can influence its behavior and file-system operations.
  - Ingestion points: Plan files read during the 'Load Context' step (Step 1).
  - Boundary markers: No explicit markers are used to separate plan data from the agent's core instructions.
  - Capability inventory: The skill is capable of file creation/modification (Step 3) and shell command execution (Step 4).
  - Sanitization: No validation or sanitization of command strings or instructions parsed from the plan file is performed.
Audit Metadata