executing-plans
Pass
Audited by Gen Agent Trust Hub on Feb 27, 2026
Risk Level: SAFE (flagged: PROMPT_INJECTION, COMMAND_EXECUTION)
Full Analysis
- [PROMPT_INJECTION]: The skill exposes a surface for indirect prompt injection because it is designed to ingest and execute instructions from external implementation plans.
  - Ingestion points: Implementation plans are read from the 'docs/exec-plans/active/' directory.
  - Boundary markers: The instructions do not define specific delimiters or security warnings to distinguish plan data from high-privilege execution instructions.
  - Capability inventory: The agent is empowered to 'Follow each step exactly' and 'Run verifications,' which can involve arbitrary command execution or file system modifications depending on the plan content.
  - Sanitization: No automated sanitization is present, although the workflow includes manual review by the agent and checkpoints for human feedback to mitigate potential malicious content in plans.
- [COMMAND_EXECUTION]: The skill utilizes a bash script to archive implementation plans. This script performs directory creation and file movement within the documentation structure.