plan-feature
Pass
Audited by Gen Agent Trust Hub on Mar 11, 2026
Risk Level: SAFE
PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: Indirect Prompt Injection Surface. The skill ingests data from the local codebase and external research sources to generate a plan that it instructs the user to later execute. This creates a surface where malicious instructions embedded in those external sources could be incorporated into the generated plan.
  - Ingestion points: Codebase files during Phase 2 (Codebase Intelligence) and documentation/API research in Phase 3.
  - Boundary markers: Absent. The instructions do not define delimiters or provide guidance to disregard commands or instructions found within the analyzed content.
  - Capability inventory: Use of the Write/Edit tool to create plan files and the prompt to the user to run the /execute command on the output.
  - Sanitization: Absent. No filtering or validation of ingested content is performed before it is written into the plan file.
- [COMMAND_EXECUTION]: Local File Verification. The skill executes shell commands to confirm the existence and size of the output plan file.
  - Evidence: Shell execution of `test -f .agents/plans/[feature-name].md` and `wc -l .agents/plans/[feature-name].md` during the verification phase.
Audit Metadata