NYC

plan-validate

Warn

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: MEDIUM
Category: PROMPT_INJECTION

Full Analysis
  • Indirect Prompt Injection (MEDIUM): The skill ingests untrusted data from plan.md and phase-*.md to generate interview questions and update documentation.
  • Ingestion points: Reads plan.md and all phase-*.md files in the directory specified by the user or current context.
  • Boundary markers: Absent. There are no instructions to the agent to treat plan content as data or to ignore embedded instructions within those files.
  • Capability inventory: The agent has the capability to read local files, modify plan.md by adding a 'Validation Summary', and present arbitrary questions to the user via the AskUserQuestion tool.
  • Sanitization: Absent. No validation or escaping is performed on the content extracted from the plan files before it is interpolated into questions or written back to the filesystem.
  • Risk: An attacker-controlled plan file could contain hidden instructions that cause the agent to generate misleading questions, recommend insecure options, or inject malicious content into the final documentation summary.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Feb 16, 2026, 12:55 PM