executing-plans
Pass
Audited by Gen Agent Trust Hub on Mar 20, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection due to its core functionality of processing and executing instructions from external files.
- Ingestion points: The agent is instructed to read a plan file from the workspace in Step 1.
- Boundary markers: The skill lacks specified delimiters or instructions for the agent to identify or ignore malicious prompts that might be embedded within the plan data.
- Capability inventory: The agent utilizes powerful tools such as `warcraft_worktree_create` and `task` (which spawns sub-agents) to carry out the steps defined in the plan, providing a path for malicious instructions to affect the environment.
- Sanitization: The process does not include any validation, filtering, or sanitization steps for the content of the implementation plan before it is executed.