plan-founder-review
Pass
Audited by Gen Agent Trust Hub on Mar 15, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill processes external implementation plans from the plans/ directory. These files define the filesystem paths the agent will verify, creating an attack surface where a malicious plan could trick the agent into discovering or reading sensitive files via the Glob and Read tools.
- [PROMPT_INJECTION]: Mandatory Evidence Chain for Indirect Prompt Injection:
  - (1) Ingestion points: Data is ingested from plans/.md as described in Step 0 of SKILL.md.
  - (2) Boundary markers: The skill instructions lack explicit delimiters or instructions for the AI to ignore embedded commands within the ingested plan files.
  - (3) Capability inventory: The skill utilizes Glob, Read, and Grep to interact with the filesystem based on parameters provided in the plan (SKILL.md Step 1).
  - (4) Sanitization: There is no evidence of sanitization for the plan filename or the paths contained within the plan files, which could lead to path traversal vulnerabilities.