plan-validate
Pass
Audited by Gen Agent Trust Hub on Apr 9, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill exhibits a surface for indirect prompt injection by ingesting and acting upon content from project files such as plan.md and phase-.md. Malicious instructions embedded in these files could potentially influence the agent's task creation or questioning logic. 1. Ingestion points: The skill reads plan.md and all phase-.md files in the workspace (SKILL.md). 2. Boundary markers: There are no explicit markers or instructions defined to prevent the agent from following directions found within the processed files. 3. Capability inventory: The skill utilizes TaskCreate and AskUserQuestion, providing a range of actions that could be triggered by injected instructions. 4. Sanitization: No sanitization or filtering of the file content is specified before the data is used to generate tasks or questions.
Audit Metadata