execute-plan
Pass
Audited by Gen Agent Trust Hub on May 19, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection due to its core functionality of executing instructions from external files.
- Ingestion points: The agent reads phase descriptions and verification commands from
docs/plans/*/SUMMARY.mdand associated phase files. - Boundary markers: There are no explicit markers used to differentiate between the agent's core instructions and the content provided in the plan files.
- Capability inventory: The skill allows for the execution of arbitrary shell commands (for verification, linting, testing, and building), file system modifications, and the invocation of the
git-commitskill. - Sanitization: No sanitization or validation is applied to verification commands found within the plan files before they are executed.
- [COMMAND_EXECUTION]: The skill performs shell command execution based on verification steps defined in implementation plans and standard development checks like linting and testing.
Audit Metadata