executing-plans
Pass
Audited by Gen Agent Trust Hub on Apr 2, 2026
Risk Level: SAFE
Findings: COMMAND_EXECUTION, PROMPT_INJECTION, NO_CODE
Full Analysis
- [COMMAND_EXECUTION]: The skill instructs the agent to execute local shell commands for running test suites, linters, type-checkers, and build tools (e.g., 'npm test'). These are standard developer operations intended to verify code quality during implementation.
- [PROMPT_INJECTION]: The skill processes external 'plan documents', which represents an indirect prompt injection surface. A malicious plan could attempt to guide the agent toward unauthorized actions. This risk is mitigated by explicit instructions for the agent to flag security concerns as blockers and mandatory user approval checkpoints between task batches.
  - Ingestion points: External implementation plan documents (Phase 1).
  - Boundary markers: Mandatory checkpoint reports and explicit user confirmation requirements (Phases 4 and 5).
  - Capability inventory: Local command execution for automated verification and testing (Phase 3).
  - Sanitization: No programmatic sanitization is defined; security depends on agent reasoning and user oversight.
- [NO_CODE]: The skill consists only of instructional markdown and does not include or execute external scripts, reducing the direct implementation attack surface.
Audit Metadata