planning-doc

Pass

Audited by Gen Agent Trust Hub on May 20, 2026

Risk Level: SAFEPROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill instructions in SKILL.md create an indirect prompt injection surface by directing the agent to 'run the Validate: command from the most recent status update' found in the plan file. This instructs the agent to treat untrusted file content as executable instructions.\n
  • Ingestion points: Data is ingested from docs/plans/<prefix>/<feature>/PLAN.md (SKILL.md).\n
  • Boundary markers: No delimiters or 'ignore instructions' warnings are present to isolate the command field from potentially malicious content.\n
  • Capability inventory: The skill uses Bash (restricted by frontmatter to git:* subcommands), Read, Glob, and Grep.\n
  • Sanitization: There is no evidence of sanitization or validation of the command string extracted from the markdown file before it is executed.
Audit Metadata
Risk Level
SAFE
Analyzed
May 20, 2026, 08:37 AM
Security Audit — agent-trust-hub — planning-doc