review-plan
Pass
Audited by Gen Agent Trust Hub on Feb 28, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill possesses a surface for indirect prompt injection by processing external implementation plans through multiple specialized sub-agents.\n
- Ingestion points: Implementation plans are ingested from local files or extracted from the conversation context during the extraction step in
SKILL.md.\n - Boundary markers: The prompt templates in
references/agent-prompts.mdinterpolate plan content (e.g.,{full_plan},{plan_summary}) directly into sub-agent prompts without utilizing delimiters or clear boundary markers to isolate the user-provided content from the agent's instructions.\n - Capability inventory: The skill can search local documentation via
Grep, perform web-based research using theresearch-onlinetool, and query external models viasecond-opinion.\n - Sanitization: No evidence of input validation, escaping, or explicit instructions for the sub-agents to ignore embedded commands within the reviewed plans is present in the skill's configuration.
Audit Metadata