executing-plans
Pass
Audited by Gen Agent Trust Hub on Feb 18, 2026
Risk Level: SAFEPROMPT_INJECTIONNO_CODE
Full Analysis
- [Prompt Injection] (LOW): The skill is susceptible to indirect prompt injection as it ingests and follows instructions from external plan files. Evidence Chain: 1. Ingestion point: SKILL.md Step 1. 2. Boundary markers: Absent. 3. Capability inventory: Execution of batch tasks and sub-skill calls. 4. Sanitization: None; relies on AI critical review and human feedback.
- [No Code] (SAFE): The skill contains only instructional markdown and no executable script files, reducing the direct attack surface.
Audit Metadata