plan2json
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE PROMPT_INJECTION NO_CODE
Full Analysis
- [PROMPT_INJECTION] (LOW): The skill exhibits a surface for Indirect Prompt Injection (Category 8) as it ingests untrusted data from a file without using delimiters or sanitization.
- Ingestion points: Reads content from the file path provided as argument $1 in SKILL.md.
- Boundary markers: Absent. The skill does not provide delimiters to separate external data from system instructions.
- Capability inventory: Includes Read and Write tool permissions in SKILL.md.
- Sanitization: Absent. No validation or filtering is applied to the input content before processing.
Audit Metadata