plan-generator
Pass
Audited by Gen Agent Trust Hub on Mar 3, 2026
Risk Level: SAFE COMMAND_EXECUTION PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill is explicitly designed to generate and execute shell commands using the Bash tool. Its core 'Iron Law' mandates that every planning task must include an executable command, creating a direct path from plan generation to command execution.
- [PROMPT_INJECTION]: The skill exhibits a surface for indirect prompt injection by transforming arbitrary user requirements into executable bash commands. A malicious user could provide requirements that trick the agent into generating harmful commands (e.g., data deletion or unauthorized access) as part of a legitimate-looking plan.
- Ingestion points: User requirements parsed in the 'Analyze Requirements' step (Step 1).
- Boundary markers: None present; the skill lacks delimiters or instructions to ignore embedded commands within user requirements.
- Capability inventory: Access to Bash, Write, Edit, Glob, Grep, and Skill tools enables a wide range of file and system operations.
- Sanitization: No validation or sanitization logic is implemented to filter potentially malicious requirements before they are converted into executable tasks.
Audit Metadata