executing-plans
Pass
Audited by Gen Agent Trust Hub on Mar 1, 2026
Risk Level: SAFE PROMPT_INJECTION NO_CODE
Full Analysis
- [PROMPT_INJECTION]: The skill is designed to follow instructions from external plan files, which creates a surface for indirect prompt injection if the plan source is compromised or contains adversarial instructions.
  - Ingestion points: The agent is instructed to read a plan file in 'Step 1: Load and Review Plan'.
  - Boundary markers: There are no instructions to use boundary markers or to wrap plan content in delimiters to prevent the agent from obeying embedded instructions.
  - Capability inventory: The skill directs the agent to execute implementation tasks and run verifications, which typically involve command execution and file system modifications via other agent capabilities.
  - Sanitization: No sanitization or validation of the plan content is described, though the skill mandates a 'critical review' by the agent and checkpoints for human feedback as procedural mitigations.
- [NO_CODE]: The skill contains only markdown-based instructions for the agent's workflow and does not include any scripts, dependencies, or executable code.