executing-plans
Pass
Audited by Gen Agent Trust Hub on Feb 26, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTIONNO_CODE
Full Analysis
- [INDIRECT_PROMPT_INJECTION]: The skill is designed to load and strictly follow instructions from external plan files, creating a vulnerability surface where a malicious plan could influence agent behavior.
- Ingestion points: The implementation plan file is read during 'Step 1: Load and Review Plan'.
- Boundary markers: Absent. The skill does not define specific delimiters or instructions to the agent to disregard formatting-based injections within the plan files.
- Capability inventory: The skill allows for task execution and 'verifications' as specified in the plan, which provides a pathway for arbitrary command execution.
- Sanitization: The skill includes a manual review step ('Review critically') and a requirement to stop if instructions are unclear, serving as a human-in-the-loop or agent-reasoning-based safety check.
- [COMMAND_EXECUTION]: The workflow involves 'Execute Batch' steps where the agent is told to 'Follow each step exactly' and 'Run verifications as specified'.
- These instructions facilitate the execution of commands (shell scripts, test suites, or CLI tools) defined within the untrusted plan data.
- [NO_CODE]: The skill consists entirely of markdown instructions and does not include any accompanying scripts, executables, or configuration files.
Audit Metadata