implementing
Pass
Audited by Gen Agent Trust Hub on May 11, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [COMMAND_EXECUTION]: Executes local Python scripts (
plan_checkbox_reminder.py,plan_checkbox_stop.py) via platform hooks triggered by tool use or session termination. These scripts are located in the plugin's root directory and facilitate plan tracking. - [PROMPT_INJECTION]: The skill ingests and processes technical plans from external files, which introduces a surface for indirect prompt injection.
- Ingestion points: Reads plan files from user-specified paths during setup and execution.
- Boundary markers: The instructions do not include specific delimiters or directives to ignore instructions that might be embedded within the plan content.
- Capability inventory: The agent has the ability to modify files, run git commands, and spawn background processes using other vendor skills.
- Sanitization: No content validation or sanitization of the plan files is performed prior to processing.
Audit Metadata