
spec-execute

Pass

Audited by Gen Agent Trust Hub on Mar 3, 2026

Risk Level: SAFE
Findings: PROMPT_INJECTION, COMMAND_EXECUTION

Full Analysis
  • [PROMPT_INJECTION]: The skill exposes an indirect prompt injection surface: it reads and strictly follows implementation instructions from 'plan.md', an untrusted source that could be modified by users or other agents. Malicious logic or code backdoors injected into the plan could be carried into the codebase by the agent.
  • Ingestion points: Contents of the 'plan.md' file accessed in Step 1.
  • Boundary markers: No explicit delimiters, and no instruction to ignore embedded commands, are present when the plan document is processed.
  • Capability inventory: File creation, code modification, task creation via TaskCreate, and shell command execution via 'mv'.
  • Sanitization: No sanitization or validation logic filters malicious instructions from the plan document before it is implemented.
  • [COMMAND_EXECUTION]: The skill executes a shell 'mv' command in Step 11 to move directories to an archive. If directory names contain shell-sensitive characters, this could lead to unintended command execution depending on the shell environment.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Mar 3, 2026, 07:21 AM