executing-plans
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH
PROMPT_INJECTION
Full Analysis
- [Indirect Prompt Injection] (HIGH): The skill directs the agent to ingest and execute content from an external 'plan file' with the instruction to 'Follow each step exactly', creating a significant attack surface.
  - Ingestion points: The agent reads an external plan file in Step 1.
  - Boundary markers: Absent. There are no instructions to isolate the plan's content or ignore system-level overrides embedded in the plan.
  - Capability inventory: High. The agent is authorized to implement code, run verifications, and call further sub-skills based on the plan.
  - Sanitization: Absent. The agent is not instructed to sanitize the plan content or validate commands before execution.
- [External Downloads] (LOW): The skill references an external dependency superpowers:finishing-a-development-branch. While this appears to be an internal platform reference, it is an unverified external dependency that the agent is 'REQUIRED' to use.
Recommendations
- AI detected serious security threats