executing-plans
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFEPROMPT_INJECTIONNO_CODE
Full Analysis
- [Indirect Prompt Injection] (LOW): The skill is designed to ingest and act upon instructions from an external plan file, creating a surface for indirect prompt injection. * Ingestion points: External plan files are loaded and read in Step 1 of the process. * Boundary markers: The skill lacks explicit delimiters or instructions to ignore embedded commands within the ingested plan data. * Capability inventory: The skill possesses the ability to execute tasks, run verification commands, and call additional sub-skills such as 'finishing-a-development-branch'. * Sanitization: There is no evidence of sanitization, validation, or escaping of the external plan content before it is processed by the agent.
Audit Metadata