create-implementation-plan
Pass
Audited by Gen Agent Trust Hub on Mar 26, 2026
Risk Level: SAFE, PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill uses phrases like 'interpreted literally' and 'without human interpretation or clarification.' While intended for deterministic behavior, these directives are common prompt injection patterns used to bypass safety filters and reasoning.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection via the '${input:PlanPurpose}' variable.
  - Ingestion points: The input is interpolated directly into the SKILL.md file as part of the primary directive.
  - Boundary markers: Absent. No delimiters or 'ignore embedded instructions' warnings are present to isolate the variable content from the rest of the prompt.
  - Capability inventory: The skill allows the agent to write and modify files in the '/plan/' directory.
  - Sanitization: Absent. There is no evidence of validation or escaping of the user-provided purpose before it is used in the prompt.
- [COMMAND_EXECUTION]: The skill instructs the agent to perform file system operations, specifically writing implementation plan files to the '/plan/' directory.
Audit Metadata