engineer-plan-review
Pass
Audited by Gen Agent Trust Hub on Mar 10, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: Indirect Prompt Injection surface detected within the implementation plan review workflow.
- Ingestion points: The skill reads data from files located in docs/plans/, docs/tech-specs/, and docs/prds/.
- Boundary markers: The skill lacks explicit markers or instructions to isolate the ingested file content from the sub-agent's operational instructions.
- Capability inventory: The skill has the ability to modify local files using Write and Edit tools.
- Sanitization: There is no evidence of sanitization or validation of the input data before it is processed by the LLM.
- Mitigation: The workflow includes an interactive Step 4 where the user must approve each recommendation via AskUserQuestion before any file updates occur, serving as a primary defense against unintended actions.
Audit Metadata