executing-plans
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGHPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [Indirect Prompt Injection] (HIGH): The skill is designed to ingest and strictly follow instructions from an external file without sanitization.
- Ingestion points: 'Read plan file' (SKILL.md Step 1).
- Boundary markers: Absent. Instructions demand the agent 'Follow each step exactly', which bypasses safety filtering of the plan's content.
- Capability inventory: The skill is used for software development tasks, including executing code and running verification scripts.
- Sanitization: Absent.
- [Command Execution] (MEDIUM): The agent is instructed to 'Run verifications as specified' in the plan file. This allows an attacker to specify arbitrary shell commands for execution under the guise of verification.
Recommendations
- AI detected serious security threats
Audit Metadata