executing-plans
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- Indirect Prompt Injection (LOW): The skill is designed to ingest and execute instructions from an external plan file, which is an untrusted source.
- Ingestion points: External plan files loaded in 'Step 1: Load and Review Plan' using the 'scopecraft' tool.
- Boundary markers: Absent; the skill does not specify delimiters or instructions to ignore embedded commands within the plan.
- Capability inventory: The agent is directed to 'Follow each step exactly' and 'Run verifications', which implies the ability to execute code or modify the environment as dictated by the plan.
- Sanitization: The skill includes 'Review critically' and 'STOP executing immediately' clauses which serve as behavioral guardrails against nonsensical or suspicious instructions.
Audit Metadata