executing-plans
Pass
Audited by Gen Agent Trust Hub on Mar 10, 2026
Risk Level: SAFE
PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill is designed to ingest and follow implementation plans from external sources, which creates a surface for indirect prompt injection. Ingestion points: Implementation plans processed during execution phases (SKILL.md). Boundary markers: Absent; no specific delimiters or warnings to ignore embedded instructions are defined. Capability inventory: Execution of npm scripts (SKILL.md). Sanitization: Absent; the skill does not specify validation or filtering of plan content.
- [COMMAND_EXECUTION]: The skill defines quality gates that involve executing shell commands such as 'npm run lint', 'npm test', and 'npm run build'. While standard for development, these capabilities could be exploited if an attacker-controlled implementation plan influences the project environment or package.json scripts.
Audit Metadata