executing-plans
Pass
Audited by Gen Agent Trust Hub on Mar 3, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill exposes an Indirect Prompt Injection surface by directing the agent to ingest and follow instructions from an external file. \n- Ingestion points: Step 1 involves reading a plan file from the environment. \n- Boundary markers: The skill does not specify delimiters or instructions for the agent to ignore potentially malicious embedded prompts within the plan file. \n- Capability inventory: The execution steps involve following tasks and running verifications, which implies access to file system operations and command execution. \n- Sanitization: There are no instructions for the agent to sanitize or validate the content of the plan before execution.
Audit Metadata