plan-interview
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH (PROMPT_INJECTION)
Full Analysis
- [Indirect Prompt Injection] (HIGH): The skill provides an exploit surface for indirect prompt injection by automating the transition from user input to code execution.
  - Ingestion points: Untrusted data is ingested through the task description provided at invocation and responses to the 'AskUserQuestion' tool during the interview phases.
  - Boundary markers: Absent. There are no instructions or delimiters defined to isolate user input from the skill's logic, allowing input to potentially override the intended planning structure.
  - Capability inventory: The skill is capable of writing implementation plans to the file system ('docs/plans/'), populating task trackers ('TodoWrite'), and automatically initiating implementation workflows.
  - Sanitization: Absent. Requirement domains are gathered dynamically and included in the final plan without any described validation or sanitization process.
  - Risk Assessment: An attacker-controlled task description could inject malicious steps into the 'Implementation Checklist'. Since the skill is designed to 'Auto-start implementation immediately' after approval, it reduces the opportunity for a user to catch and intercept injected instructions before they result in codebase modifications.
Recommendations
- AI detected serious security threats