planning
Pass
Audited by Gen Agent Trust Hub on Mar 17, 2026
Risk Level: SAFE
Findings: PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection. It reads and analyzes untrusted data from the codebase to generate implementation plans and automated verification commands.
  - Ingestion points: Reads all files identified by research agents and the Read tool (SKILL.md).
  - Boundary markers: Lacks explicit instructions or delimiters to ignore potentially malicious instructions embedded in the codebase files.
  - Capability inventory: Capable of file reading, file writing (to the thoughts/ directory), and generating shell commands for verification.
  - Sanitization: No sanitization or filtering is performed on the content of the ingested files.
- [COMMAND_EXECUTION]: The skill generates implementation plans that include an "Automated Verification" section containing runnable shell commands (e.g., make test, npm run lint). This allows for the potential suggestion of malicious commands if the planning process is influenced by poisoned codebase context.
Audit Metadata