executing-plans

Pass

Audited by Gen Agent Trust Hub on Mar 14, 2026

Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
  • [INDIRECT_PROMPT_INJECTION]: The skill processes implementation plans from external files and is instructed to 'Follow each step exactly', creating a surface for instructions embedded in those plans to hijack agent behavior.
  • Ingestion points: The skill uses read_file to ingest implementation plans from paths specified by the user or an orchestrator via the --plan parameter.
  • Boundary markers: No specific delimiters or safety instructions are provided to help the agent distinguish between the skill's operational instructions and the potentially untrusted content of the plan file.
  • Capability inventory: The skill possesses significant capabilities including file system modification (TodoWrite, replace tool) and general task execution, which are applied to the steps defined in the plan.
  • Sanitization: There is no logic provided to sanitize, validate, or filter the content of the plan files before the agent begins execution.
  • Autonomous Execution Risk: When invoked in 'Conductor Integration' mode, the skill executes all tasks without human checkpoints, removing the opportunity for an 'architect review' to catch malicious or erroneous instructions injected into the plan.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 14, 2026, 10:48 AM