executing-plans
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [Indirect Prompt Injection] (LOW): The skill is designed to read and execute instructions from external plan files, creating an attack surface for indirect prompt injection.
  - Ingestion points: Step 1 requires the agent to read an external 'plan file'.
  - Boundary markers: Absent; the instructions do not define delimiters or specific safety markers to isolate the untrusted plan content from the system prompt.
  - Capability inventory: Step 2 involves executing batches of tasks and running verifications, which likely utilizes the agent's file system and command execution capabilities.
  - Sanitization: Absent; the skill relies on the AI agent's critical review rather than technical sanitization or validation of the input data.
Audit Metadata