plan_review
Pass
Audited by Gen Agent Trust Hub on Mar 5, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: Indirect prompt injection vulnerability detected due to the handling of untrusted data.
  - Ingestion points: The variable `${ARGUMENTS}` is used to ingest the plan for review directly into the prompt context under the 'Review target' section.
  - Boundary markers: The prompt lacks delimiters (such as XML tags or triple quotes) or specific 'ignore embedded instructions' warnings to separate the plan data from the agent's core instructions.
  - Capability inventory: The skill configuration allows access to sensitive tools including `Bash`, `Write`, `Edit`, and `Read`, which could be manipulated via instructions embedded in the processed plans.
  - Sanitization: There is no mechanism described to sanitize, escape, or validate the content of the plan before it is processed by the agent personas.
Audit Metadata