recipe-plan
Pass
Audited by Gen Agent Trust Hub on Apr 10, 2026
Risk Level: SAFE
COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill utilizes dynamic context injection to run the command `ls -la docs/design/*.md | head -10`. This allows the agent to discover available design documents in the project structure at load time.
- [PROMPT_INJECTION]: The skill is designed to ingest and process external design documents, which represents a potential indirect prompt injection surface.
  - Ingestion points: File paths from `docs/design/*.md` are retrieved and passed to sub-agents.
  - Boundary markers: There are no explicit delimiters or warnings defined to prevent the agent from following instructions that might be embedded within the design documents.
  - Capability inventory: The skill has the ability to list files and coordinate the execution of development workflow sub-agents.
  - Sanitization: No content validation or sanitization is applied to the design documents before they are processed by the planning sub-agents.