fleet-plan
Pass
Audited by Gen Agent Trust Hub on Apr 17, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill implements a dynamic discovery mechanism that reads FLEET-INDEX.md and individual SKILL.md files from the local directory to plan tasks. This content is then used to generate prompts for worker agents. This creates a surface for indirect prompt injection where malicious instructions in local repository files could influence the orchestrator's planning or the behavior of downstream workers.
- Ingestion points: The skill uses Glob and Read tools to ingest FLEET-INDEX.md and SKILL.md files in Step 0 and Step 2.
- Boundary markers: No explicit delimiters or instructions are provided to separate the ingested file content from the skill's own logic.
- Capability inventory: The skill has Write, Edit, and restricted Bash (ls, mkdir) capabilities.
- Sanitization: There is no evidence of validation or sanitization of the content retrieved from external files before it is processed.
- [COMMAND_EXECUTION]: The skill instructs the user to execute shell scripts (launch.sh and status.sh) located in the skill's subdirectories to manage the lifecycle of the planned fleets.
Audit Metadata