copilot-plan-loop

Pass

Audited by Gen Agent Trust Hub on Apr 9, 2026

Risk Level: SAFE
Finding tags: PROMPT_INJECTION

Full Analysis
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection by design through its file-processing workflow.
  • Ingestion points: In SKILL.md, the skill reads the contents of design plan files and related source files identified by {plan_path} and {file_list}.
  • Boundary markers: The prompt templates provided in Step 2 use Markdown headers for organization but lack explicit boundary markers (such as XML tags or dedicated delimiters) and specific instructions for the sub-agent to ignore embedded commands or instructions within the ingested data.
  • Capability inventory: The skill performs file reading, spawns a sub-agent (subagent_type: copilot), and modifies local files based on the output of that sub-agent (apply_feedback in Step 4).
  • Sanitization: There is no evidence of sanitization or content validation performed on the ingested file data before it is interpolated into the prompt sent to the sub-agent.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 9, 2026, 05:40 PM