executing-plans
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [Indirect Prompt Injection] (LOW): The skill is designed to ingest and execute steps from an external 'plan file'. This creates a surface for indirect prompt injection, where malicious instructions embedded in a plan could attempt to override agent constraints or trigger unauthorized commands.
  - Ingestion points: Step 1 requires reading an external plan file.
  - Boundary markers: Absent. There are no explicit delimiters around the plan content, and no instruction to treat directives embedded in the plan as data rather than as commands.
  - Capability inventory: The skill allows task execution and 'verifications', which typically involve shell command execution or file system modifications.
  - Sanitization: The skill relies on 'critical review' by the AI and on human checkpoints rather than on technical sanitization or validation of the plan content.
- [Command Execution] (SAFE): While the skill facilitates the execution of tasks, it emphasizes a controlled batch process with human review between steps, which mitigates the risk of runaway or unauthorized command execution compared to fully autonomous skills.
Audit Metadata