implement-plan
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- [Prompt Injection] (SAFE): The skill uses instructional language to define a persona and workflow constraints. There are no attempts to bypass safety filters or disregard system prompts.
- [Data Exposure & Exfiltration] (SAFE): The skill describes reading and modifying local code files as part of its primary function. It contains no network operations, external data transmission, or hardcoded credentials.
- [Indirect Prompt Injection] (LOW): The skill is designed to ingest and act upon 'implementation plans,' which are external data sources. This constitutes an ingestion surface where a malicious plan could attempt to influence agent behavior. However, the instructions mandate incremental execution and manual user verification at every step, providing strong mitigation.
  - Ingestion points: Implementation plan documents and the existing codebase.
  - Boundary markers: Absent in the instructions themselves, relying on the user to provide the plan.
  - Capability inventory: File system modification (creating/modifying files).
  - Sanitization: Not explicitly mentioned, but the workflow requires human-in-the-loop verification for every change.
- [Unverifiable Dependencies & Remote Code Execution] (SAFE): No external packages or remote scripts are referenced or executed.
- [Persistence Mechanisms] (SAFE): The skill does not attempt to modify shell profiles, startup scripts, or scheduled tasks.