deepen-plan
Pass
Audited by Gen Agent Trust Hub on Mar 11, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it processes external data with powerful tools.
- Ingestion points: The skill ingests data from external plan documents or issues via the Read tool during Phase 1.
- Boundary markers: The prompt lacks explicit delimiters or instructions to treat ingested content as untrusted, which may allow embedded instructions to influence agent behavior.
- Capability inventory: The skill is configured with high-impact capabilities including Bash, Write, and Edit tools.
- Sanitization: There is no evidence of validation or sanitization of the data read from external sources.
Audit Metadata