skills/thedotmack/claude-mem/do/Gen Agent Trust Hub

do

Pass

Audited by Gen Agent Trust Hub on Feb 24, 2026

Risk Level: SAFE | PROMPT_INJECTION | COMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection as it processes and executes implementation plans that may originate from untrusted data sources.
      * Ingestion points: Reads and executes plans created by external tools like 'make-plan'.
      * Boundary markers: The instructions do not define explicit delimiters or instructions for subagents to ignore embedded commands within the plan data.
      * Capability inventory: Subagents are authorized to perform command execution, file system modifications, and code commits.
      * Sanitization: The skill relies on functional verification (checklists) rather than security-focused sanitization or validation of the input plan's instructions.
  • [COMMAND_EXECUTION]: The core purpose of the skill is to deploy subagents that execute implementation commands and modify the environment as specified in the provided plan. While this is the intended behavior, it grants the skill a broad operational surface area.
Audit Metadata
Risk Level: SAFE
Analyzed: Feb 24, 2026, 03:43 AM