Skills
skills/krosebrook/source-of-truth-monorepo/executing-plans/Gen Agent Trust Hub

executing-plans

Fail

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: HIGHPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
  • [Indirect Prompt Injection] (HIGH): The skill is designed to ingest and execute arbitrary steps from an external 'plan file' provided by a third party.
  • Ingestion points: Step 1 requires reading a 'plan file' (SKILL.md).
  • Boundary markers: Absent. The instructions do not define delimiters or provide warnings to the agent to ignore embedded instructions within the data.
  • Capability inventory: The skill possesses execution capabilities including 'execute tasks in batches', 'Run verifications', and calling sub-skills like 'finishing-a-development-branch' (SKILL.md).
  • Sanitization: Absent. The skill explicitly commands the agent to 'Follow each step exactly', which bypasses typical safety evaluation of the plan content.
  • [Command Execution] (MEDIUM): The skill facilitates the execution of arbitrary commands under the guise of 'tasks' and 'verifications' defined in untrusted external content.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
Feb 16, 2026, 01:01 PM