execute-plan
Pass
Audited by Gen Agent Trust Hub on May 15, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface through its ingestion of untrusted plan data. 1. Ingestion points: The agent processes implementation plans from a user-provided file path (e.g., docs/plans/SUMMARY.md). 2. Boundary markers: Absent; the agent is explicitly instructed to execute the plan exactly as written without redesigning it. 3. Capability inventory: The agent can execute arbitrary shell commands for verification, linting, testing, and building, and has full write access to the codebase. It also triggers external skills like git-commit. 4. Sanitization: None; commands found in the plan file are executed directly without validation.
- [COMMAND_EXECUTION]: The skill is designed to run shell commands for project verification and stabilization, including linting, type-checking, and test execution.
Audit Metadata