workflow-execute-plans
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGHPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION] (HIGH): The skill is susceptible to Indirect Prompt Injection (Category 8). Evidence: 1. Ingestion points: The skill reads from 'plan_path' (SKILL.md). 2. Boundary markers: No explicit delimiters are defined to isolate plan content from instructions. 3. Capability inventory: The skill is authorized to perform full implementations, including file modifications and command execution across the repository. 4. Sanitization: Relies on the agent's internal 'critical review' and a manual human feedback pause after 3 tasks.
- [COMMAND_EXECUTION] (HIGH): The workflow allows the agent to execute implementation tasks defined in external plans. This constitutes a command execution surface where malicious instructions in a plan could lead to unauthorized system actions.
Recommendations
- AI detected serious security threats
Audit Metadata