Skills
skills/pcvelz/superpowers/executing-plans/Gen Agent Trust Hub

executing-plans

Pass

Audited by Gen Agent Trust Hub on Mar 14, 2026

Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The skill processes implementation plans and task metadata from the local workspace, which creates a surface for indirect prompt injection.
  • Ingestion points: Loads plan content from files and state from <plan-path>.tasks.json or .tasks.json.
  • Boundary markers: The skill relies on natural language instructions for the agent to 'Review critically' and 'STOP executing immediately' if instructions are unclear, rather than technical delimiters.
  • Capability inventory: The agent has the ability to perform file modifications and execute Git commands via integrated sub-skills.
  • Sanitization: There is no evidence of automated sanitization or validation of the plan text before the agent attempts to follow its steps.
  • [COMMAND_EXECUTION]: The skill executes local system commands to manage the development environment.
  • Evidence: Calls git worktree list to inspect the local Git configuration and determine if a worktree already exists for the plan's branch.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 14, 2026, 05:13 PM