review-plan
Pass
Audited by Gen Agent Trust Hub on Apr 3, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill exhibits a vulnerability to indirect prompt injection by processing external implementation plans and passing the content to sub-agents without sanitization or boundary markers.
- Ingestion points: Plan files are read from the local file system using a user-provided path.
- Boundary markers: The instructions for the five parallel agents in Step 3 interpolate the 'Full plan content' directly into the prompt without utilizing XML tags, triple backticks, or other delimiters to isolate untrusted data.
- Capability inventory: The agents can search the local codebase and write review reports to the disk.
- Sanitization: No content filtering or validation is performed on the data extracted from the implementation plans before it is analyzed by the agents.
Audit Metadata