implement-local-plan
Pass
Audited by Gen Agent Trust Hub on Mar 1, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is designed to read and follow instructions from local files in the
.github/plans/and.github/reports/directories. This creates a surface for indirect prompt injection if those files are modified by an untrusted source.\n- Ingestion points: Data is ingested from files within the.github/plans/and.github/reports/directories.\n- Boundary markers: The skill lacks explicit markers or instructions to differentiate between the system's core directives and potentially malicious instructions contained within the plan files.\n- Capability inventory: The skill has the capability to read/write files and execute git commands (specificallygit commit).\n- Sanitization: There is no evidence of sanitization, validation, or filtering of the content read from the local files before it is used to guide the agent's actions.
Audit Metadata