executing-plans
Pass
Audited by Gen Agent Trust Hub on Mar 10, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is designed to ingest and execute instructions from external plan files, which presents an indirect prompt injection surface.
- Ingestion points: The agent is instructed to read a plan file in Step 1.
- Boundary markers: No specific delimiters for untrusted content are defined, though the instructions mandate a critical review process.
- Capability inventory: Implementation involves code changes, running verifications/tests, and git operations via integrated sub-skills such as using-git-worktrees and finishing-a-development-branch.
- Sanitization: The skill lacks automated sanitization of the plan content, relying on the agent's evaluation and scheduled checkpoints for human feedback to mitigate risks.