plan-validate
Pass
Audited by Gen Agent Trust Hub on Apr 2, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it ingests untrusted data from local plan files.
  1. Ingestion points: plan.md and phase-*.md files are read in Step 1.
  2. Boundary markers: The skill does not define clear delimiters or provide instructions to the agent to ignore any embedded commands within the data being processed.
  3. Capability inventory: The agent has access to tools including Bash, TaskCreate, and AskUserQuestion in SKILL.md, which could be abused if the agent follows instructions found within the plan files.
  4. Sanitization: There is no evidence of sanitization, filtering, or validation of the content retrieved from external files before it is processed by the agent.
Audit Metadata