implementation-planner
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE, PROMPT_INJECTION, DATA_EXFILTRATION
Full Analysis
- PROMPT_INJECTION (LOW): The script `scripts/init_plan.py` creates an indirect prompt injection surface by interpolating unsanitized user input (`plan_id`) into markdown templates. If the agent later reads these generated files, it could be influenced by malicious instructions embedded in the input.
  * Ingestion points: `scripts/init_plan.py` takes input via the `plan_id` argument.
  * Boundary markers: Absent. Templates in the `assets/` directory lack delimiters or warnings to ignore embedded instructions.
  * Capability inventory: The skill facilitates file creation and project organization.
  * Sanitization: None; the script uses simple string replacement.
- DATA_EXFILTRATION (LOW): The `plan_id` argument is used directly in file path construction without sanitization, allowing for potential path traversal.
  * Evidence: In `scripts/init_plan.py`, `plan_dir = base_dir / str(plan_id)` (line 60) and `output_path = plan_dir / filename` (line 116) allow relative path segments to manipulate output locations.
Audit Metadata