parallel-review-plan
Pass
Audited by Gen Agent Trust Hub on Mar 12, 2026
Risk Level: SAFE
PROMPT_INJECTION
COMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it ingests untrusted plan artifacts (markdown, design docs, YAML) to generate its findings. Maliciously crafted content within these input files could potentially influence the agent's logic or structured output.
  - Ingestion points: openspec/changes// (proposal.md, design.md, tasks.md, spec.md, contracts/, work-packages.yaml)
  - Boundary markers: Absent from instructions.
  - Capability inventory: File system write access, local Python execution for validation.
  - Sanitization: Absent.
- [COMMAND_EXECUTION]: The skill uses a local shell command (python3 -c) to validate the generated JSON findings against a local schema file. While this is a common integrity check, it represents a command execution capability triggered by the skill's logic.
Audit Metadata