plan-analysis
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH (PROMPT_INJECTION, COMMAND_EXECUTION)
Full Analysis
- **[Prompt Injection - Indirect] (HIGH):** The skill's core purpose is to read, parse, and execute instructions from an external 'implementation plan' file. This creates a significant attack surface where a malicious plan could override the agent's instructions.
  - Ingestion points: Implementation plan files (referenced in description and Phase 1).
  - Boundary markers: Absent. The instructions command the agent to 'Read and parse the implementation plan completely' without delimiters or warnings to ignore embedded instructions.
  - Capability inventory: Bash, Write, Edit, Task, TodoWrite (powerful tools for system modification).
  - Sanitization: Absent. There is no logic to filter or validate the content of the plan before performing impact analysis or 'Executing planned updates'.
- **[Command Execution] (MEDIUM):** The skill explicitly grants the Bash tool. While intended for discovery (Grep, Glob), the lack of constraints means any instruction found within a malicious 'Implementation Plan' could lead to arbitrary command execution on the host system.
Recommendations
- AI detected serious security threats
Audit Metadata