executing-plans

Pass

Audited by Gen Agent Trust Hub on Apr 8, 2026

Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill processes instructions from a plan file, creating a surface for indirect prompt injection.
    • Ingestion points: The agent reads a 'plan file' in Step 1.
    • Boundary markers: None specified in the instructions to separate the plan content from the agent's core logic.
    • Capability inventory: The agent is instructed to 'Follow each step exactly', which involves file system operations, git interactions via integrated worktree sub-skills, and task completion protocols.
    • Sanitization: No explicit sanitization or validation of the plan file content is mentioned beyond a 'critical review' conducted by the agent.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 8, 2026, 09:39 PM