executing-plans
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGHPROMPT_INJECTION
Full Analysis
- [Indirect Prompt Injection] (HIGH): The skill's fundamental purpose is to process and execute instructions from an external source (the 'plan file'), which is a primary vector for indirect prompt injection.
- Ingestion Points: Step 1 explicitly directs the agent to 'Read plan file'.
- Boundary Markers: The skill lacks any definition of delimiters or instructions to ignore embedded prompts within the plan content, increasing the risk that the agent will obey malicious instructions hidden in the plan.
- Capability Inventory: The skill is intended for development tasks, which typically involve file modification, shell command execution, and integration with version control (via
superpowers:using-git-worktrees), providing a high-impact environment for successful injections. - Sanitization: No sanitization or validation of the plan file content is mentioned. While human review checkpoints are included, they are a manual control that can be bypassed by sophisticated adversarial prompts designed to mislead the human or the AI.
Recommendations
- AI detected serious security threats
Audit Metadata