execute-plan

Pass

Audited by Gen Agent Trust Hub on May 15, 2026

Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface through its ingestion of untrusted plan data. 1. Ingestion points: The agent processes implementation plans from a user-provided file path (e.g., docs/plans/SUMMARY.md). 2. Boundary markers: Absent; the agent is explicitly instructed to execute the plan exactly as written without redesigning it. 3. Capability inventory: The agent can execute arbitrary shell commands for verification, linting, testing, and building, and has full write access to the codebase. It also triggers external skills like git-commit. 4. Sanitization: None; commands found in the plan file are executed directly without validation.
  • [COMMAND_EXECUTION]: The skill is designed to run shell commands for project verification and stabilization, including linting, type-checking, and test execution.
Audit Metadata
Risk Level
SAFE
Analyzed
May 15, 2026, 11:24 AM
Security Audit — agent-trust-hub — execute-plan