executing-plans
Pass
Audited by Gen Agent Trust Hub on Mar 1, 2026
Risk Level: SAFE
PROMPT_INJECTION, NO_CODE
Full Analysis
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection as its core function is to read and execute instructions from external plan files.
  - Ingestion points: The agent is instructed to "Read the plan file" in Step 1 of the process.
  - Boundary markers: There are no explicit markers or instructions provided to isolate the plan's content from the agent's core instructions or to prevent the plan from overriding the agent's behavior.
  - Capability inventory: The skill allows the agent to execute arbitrary sequences of tasks, which could involve any tools or file system operations available to the agent.
  - Sanitization: Step 1.2 requires the agent to "Review it - identify any questions or concerns," which acts as a manual review process but lacks automated sanitization or safety constraints.
- [NO_CODE]: The skill consists exclusively of markdown-based natural language instructions and does not ship with any scripts, binaries, or configuration files that would require code execution analysis.
Audit Metadata