Skills
skills/laurigates/claude-plugins/blueprint-execute/Gen Agent Trust Hub

blueprint-execute

Pass

Audited by Gen Agent Trust Hub on Feb 19, 2026

Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION] (LOW): The skill is susceptible to indirect prompt injection through its ingestion of the manifest.json file, particularly in Step 2.5.
  • Ingestion points: docs/blueprint/manifest.json is parsed to identify 'auto_run' tasks.
  • Boundary markers: No explicit delimiters or 'ignore' instructions are used when processing the output of the jq command.
  • Capability inventory: The agent has access to Bash and SlashCommand tools, which are used to execute the tasks identified from the JSON.
  • Sanitization: While the write-path uses jq --arg to prevent command injection into the file, the read-path does not sanitize keys extracted from the JSON before they are used to influence the agent's task execution logic. This 'schema confusion' surface could allow a malicious file to influence the agent's behavior.
  • [COMMAND_EXECUTION] (SAFE): The skill uses standard Unix utilities (git, find, grep, jq) for repository analysis and status checking. These commands are used according to best practices and are limited to the local environment.
Audit Metadata
Risk Level
SAFE
Analyzed
Feb 19, 2026, 06:24 PM