plan-interrogate

Pass

Audited by Gen Agent Trust Hub on Apr 20, 2026

Risk Level: SAFE, PROMPT_INJECTION
Full Analysis
  • [SAFE]: No malicious patterns, executable scripts, or remote code patterns were detected. The skill consists entirely of instructional markdown to guide the agent's behavior.
  • [PROMPT_INJECTION]: The skill processes user-supplied plans, creating a surface for indirect prompt injection. Evidence Chain:
      1. Ingestion Point: User-supplied plan input (SKILL.md).
      2. Boundary Markers: Absent.
      3. Capability Inventory: Codebase and document reading capabilities (SKILL.md, Step 6).
      4. Sanitization: Absent.
    The structured workflow requiring a restatement of the plan and extraction of a decision tree provides a natural mitigation against malicious instructions by forcing the agent to parse the input into a specific logical framework before acting.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 20, 2026, 01:17 AM