engineer-plan

Pass

Audited by Gen Agent Trust Hub on Feb 24, 2026

Risk Level: SAFE
PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The skill possesses an attack surface for indirect prompt injection as it aggregates data from various sources to inform its implementation plans.
      • Ingestion points: The skill reads content from technical specifications (docs/tech-specs/), product requirements (docs/prds/), and past solutions (docs/solutions/), as well as user-supplied text via $ARGUMENTS.
      • Boundary markers: There are no explicit delimiters or specific instructions provided to the sub-agents to disregard or isolate potentially malicious instructions embedded within the analyzed documents.
      • Capability inventory: The agent has permission to use Write and TodoWrite tools, allowing it to create persistent plan files and task lists based on the aggregated (and potentially poisoned) data.
      • Sanitization: No input validation or sanitization is performed on the data retrieved from the local filesystem before it is processed by the agent or its sub-agents.
  • [COMMAND_EXECUTION]: The skill programmatically initiates sub-agent tasks using the Task tool to perform parallel analysis and research. While this is the intended functional design for decomposing complex features, it involves executing instructions across multiple agent contexts based on external documentation.
Audit Metadata
Risk Level: SAFE
Analyzed: Feb 24, 2026, 02:31 AM