interviewing-plans
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: LOWNO_CODEPROMPT_INJECTION
Full Analysis
- [NO CODE] (SAFE): The skill contains no scripts, binaries, or external dependencies. It is a pure instruction set for the agent.
- [Indirect Prompt Injection] (LOW): The skill processes untrusted data from user-provided plans. Ingestion points: Plan files via the
/interview-plancommand. Boundary markers: None identified in the prompt logic to isolate user content from instructions. Capability inventory: Interaction is limited toAskUserQuestionand generating a markdown specification, with no file system write, network, or subprocess capabilities detected. Sanitization: No validation or sanitization is performed on input plan content. This represents a low-risk surface where a malicious plan could influence the agent's reasoning or interview output.
Audit Metadata