executing-plans

Pass

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
  • Prompt Injection (LOW): Indirect Prompt Injection Surface.
      • Ingestion points: The skill reads an external plan file (Step 1: "Read plan file") provided by a partner/user.
      • Boundary markers: Absent. There are no technical delimiters or instructions for the agent to distinguish between implementation details and potential malicious instructions within the plan file.
      • Capability inventory: The skill is designed to "Execute tasks" and "Run verifications" (Step 2), which typically involves file system modifications and shell command execution in the context of development.
      • Sanitization: The skill relies on a "Critical Review" (Step 1.2) by the AI as its primary safety check. While it encourages the AI to raise concerns, it lacks technical sanitization or validation of the plan content.
Audit Metadata
Risk Level: SAFE
Analyzed: Feb 17, 2026, 06:49 PM