planning-doc
Pass
Audited by Gen Agent Trust Hub on May 20, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill instructions in SKILL.md create an indirect prompt injection surface by directing the agent to 'run the Validate: command from the most recent status update' found in the plan file. This instructs the agent to treat untrusted file content as executable instructions.\n
- Ingestion points: Data is ingested from
docs/plans/<prefix>/<feature>/PLAN.md(SKILL.md).\n - Boundary markers: No delimiters or 'ignore instructions' warnings are present to isolate the command field from potentially malicious content.\n
- Capability inventory: The skill uses
Bash(restricted by frontmatter togit:*subcommands),Read,Glob, andGrep.\n - Sanitization: There is no evidence of sanitization or validation of the command string extracted from the markdown file before it is executed.
Audit Metadata