aile-executing-plans
Pass
Audited by Gen Agent Trust Hub on Feb 28, 2026
Risk Level: SAFE
COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to Indirect Prompt Injection because it reads and executes instructions from external plan files.
  - Ingestion points: Reads task descriptions and steps from docs/plans/plan.md and plan-{index}.md.
  - Boundary markers: No specific delimiters are defined to isolate instructions from plan data.
  - Capability inventory: The agent is authorized to execute git commands and implementation tasks specified in the plans.
  - Sanitization: No explicit sanitization of plan content is performed prior to execution.
- [COMMAND_EXECUTION]: The skill performs local command-line operations for version control.
  - Evidence: Explicitly uses git status, git add, and git commit.
  - Risk Mitigation: Requires explicit user authorization for commits and prohibits pushing or main branch modification without consent.
Audit Metadata