using-plan-and-execute

Fail

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: HIGH (PROMPT_INJECTION)
Full Analysis
  • [Prompt Injection] (HIGH): Use of extreme imperative language ("ABSOLUTELY MUST", "NOT NEGOTIABLE") and instructions to ignore internal reasoning ("Common Rationalizations That Mean You're About To Fail") to bypass agent safety filters and force tool usage.
  • [Indirect Prompt Injection] (HIGH): Mandates reading and executing any potentially applicable skill ("1% chance"), creating a vulnerability where malicious skills can force their own execution. Ingestion points: System context skills (SKILL.md). Boundary markers: Absent; the skill commands the agent to follow other skills exactly without discretion. Capability inventory: Uses the "Skill" tool for invocation and "TaskCreate"/"TodoWrite" for persistence of execution steps. Sanitization: Absent; the skill explicitly forbids adapting or questioning the rules of other skills.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level: HIGH
Analyzed: Feb 16, 2026, 07:40 AM