execute-plan
Warn
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: MEDIUM (PROMPT_INJECTION)
Full Analysis
- Prompt Injection (MEDIUM): The skill implements a workflow that reads from `.plan.md` files and generates instructions for a secondary UI testing subagent. This creates a vulnerability where a malicious plan file can inject commands or deceptive instructions into the agent's output, potentially leading to unauthorized actions by downstream agents.
  - Ingestion points: Reads file content from `.cursor/plans/*.plan.md` during the 'Load the plan file' step.
  - Boundary markers: Absent. The skill does not instruct the agent to distinguish between data (the tasks) and potentially malicious instructions embedded within the plan file.
  - Capability inventory: The skill modifies local files, moves files between directories (archiving), and generates handoff documentation that acts as a trigger for other agents.
  - Sanitization: Absent. Content from the plan file is mirrored directly into response summaries and the 'Reviewer Handoff' section without validation.