execute-plan

Pass

Audited by Gen Agent Trust Hub on May 19, 2026

Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection due to its core functionality of executing instructions from external files.
  • Ingestion points: The agent reads phase descriptions and verification commands from docs/plans/*/SUMMARY.md and associated phase files.
  • Boundary markers: There are no explicit markers used to differentiate between the agent's core instructions and the content provided in the plan files.
  • Capability inventory: The skill allows for the execution of arbitrary shell commands (for verification, linting, testing, and building), file system modifications, and the invocation of the git-commit skill.
  • Sanitization: No sanitization or validation is applied to verification commands found within the plan files before they are executed.
  • [COMMAND_EXECUTION]: The skill performs shell command execution based on verification steps defined in implementation plans and standard development checks like linting and testing.
Audit Metadata
Risk Level
SAFE
Analyzed
May 19, 2026, 05:23 AM
Security Audit — agent-trust-hub — execute-plan