executing-plans
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH (PROMPT_INJECTION, COMMAND_EXECUTION)
Full Analysis
- [Prompt Injection] (HIGH): The skill is highly vulnerable to Indirect Prompt Injection.
  - Ingestion points: Step 1 reads an external plan file from the workspace.
  - Boundary markers: None; there are no instructions to differentiate between plan data and control instructions.
  - Capability inventory: Step 2 allows the plan to dictate tasks and verifications, which often involve command-line execution or file system writes.
  - Sanitization: None performed on the plan's content.
- [Command Execution] (HIGH): The skill provides a direct path for arbitrary command execution by requiring the agent to 'Follow each step exactly' and 'Run verifications as specified' in the untrusted plan file.
Recommendations
- AI detected serious security threats
Audit Metadata