execute-plan

Pass

Audited by Gen Agent Trust Hub on May 9, 2026

Risk Level: SAFE
Findings: PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The skill is vulnerable to Indirect Prompt Injection (Category 8) as it processes untrusted instructions from external data files.
  • Ingestion points: The skill reads implementation plans and phase details from the docs/plans/ directory (e.g., SKILL.md Step 1.1).
  • Boundary markers: There are no defined delimiters or instructions to ignore malicious content within the plan files.
  • Capability inventory: The skill possesses the capability to execute shell commands (verification steps), modify project source code (Step 2.3), and perform filesystem operations like moving directories (Step 4.3).
  • Sanitization: No sanitization or validation of the plan's content is implemented before the agent carries out the instructions.
  • [COMMAND_EXECUTION]: The skill explicitly instructs the agent to run "phase-specific verification commands" found within the plan files (Step 2.4). This allows the content of a markdown file to trigger arbitrary command execution on the host system.
Audit Metadata
Risk Level: SAFE
Analyzed: May 9, 2026, 05:01 AM