Skills
skills/xiaolai/vmark/plan-audit/Gen Agent Trust Hub

plan-audit

Fail

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: HIGHPROMPT_INJECTION
Full Analysis
  • [Indirect Prompt Injection] (HIGH): The skill processes untrusted data from markdown plans and source code to perform complex logical audits.
  • Ingestion points: Workflow steps 1 and 3 in SKILL.md identify reading local files in docs/codex-plans/*.md and inspecting repository state via git log, git show, and rg.
  • Boundary markers: Absent. The instructions do not provide delimiters or safety constraints to protect the agent from instructions embedded in the external plan files or codebase.
  • Capability inventory: Logic analysis and reporting findings. Malicious input in plans can cause the agent to provide false security assurances or intentionally overlook gaps in implementation (Silent Failure).
  • Sanitization: Absent. No validation or filtering is performed on the plan text or code before it is processed by the agent's reasoning engine.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
Feb 16, 2026, 12:09 AM