executing-plans
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- Indirect Prompt Injection (LOW): The skill relies on reading task details from an external issue tracker via the
bd show <id>command and instructs the agent to follow the steps exactly. This creates a surface for indirect prompt injection where a malicious actor could embed instructions in an issue description to manipulate the agent's behavior.\n - Ingestion points: Ingestion occurs in
SKILL.md(Step 1) andreferences/batch-execution-detail.md(Step 2) when the agent reads issue details.\n - Boundary markers: Absent. The skill does not provide delimiters or instructions to treat issue content as untrusted data.\n
- Capability inventory: The agent can perform file system modifications, execute local shell commands (
git,bd), and invoke other development skills.\n - Sanitization: Absent. There is no sanitization or validation of the text retrieved from the issue tracker.\n- Command Execution (SAFE): The skill utilizes local development tools including
gitand thebdCLI. These operations are limited to project state management and local file operations and do not represent a high security risk in this context.
Audit Metadata