executing-plans
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- Indirect Prompt Injection (LOW): The skill directs the agent to ingest and follow instructions from an external 'plan file', which may contain adversarial instructions.
- Ingestion points: Step 1.1 ('Read plan file') is the primary entry point for untrusted external data.
- Boundary markers: Absent. The instructions do not define delimiters or specific constraints to prevent the agent from obeying instructions embedded within the plan.
- Capability inventory: The skill is designed to execute tasks, run verifications, and call secondary skills for development completion.
- Sanitization: Absent. There is no instruction to validate or sanitize the plan content before the agent begins the execution batch.
Audit Metadata