rpi-implement

Pass

Audited by Gen Agent Trust Hub on Apr 30, 2026

Risk Level: SAFE
Finding Categories: PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it ingests and follows instructions from external plan files without sanitization.
  • Ingestion points: Reads plan files from docs/agents/plans/ or user-specified paths, and reads all files referenced within those plans.
  • Boundary markers: Absent. The agent is instructed to "Read the plan completely" and "Follow the plan's intent" without delimiters to separate instructions from untrusted data.
  • Capability inventory: Includes shell command execution (via test commands and linters), file system writes (to implement changes and update plan status), and sub-agent invocation.
  • Sanitization: Absent. The skill does not validate or filter the content of the plan files before execution.
  • [COMMAND_EXECUTION]: The skill explicitly directs the agent to run success criteria checks listed in the plans, such as test commands and linters. This capability can be exploited to execute arbitrary shell commands if a malicious plan is provided.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Apr 30, 2026, 07:34 PM