executing-plans

Pass

Audited by Gen Agent Trust Hub on May 10, 2026

Risk Level: SAFE
Tags: COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes command sequences and verification checks defined in user-provided plan files. This capability is the primary function of the skill and is protected by manual review gates and batch-based execution.
  • [PROMPT_INJECTION]: The skill processes external, potentially untrusted plan files, which constitutes a surface for indirect prompt injection. This is addressed by instructions requiring the agent to perform a critical review of the plan and obtain user approval before starting or continuing implementation.
  • Ingestion points: Plan files (e.g., Plan.md) read during Step 1.
  • Boundary markers: Direct instruction to review the plan critically for concerns.
  • Capability inventory: Execution of implementation steps and verification commands.
  • Sanitization: Forced pauses for human feedback and checkpoints between command batches.
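To make the control described above concrete, here is an added illustration of a batch-gated plan runner. It is not the audited skill's code and does not reproduce its plan format; the "## Batch" / "$ command" / "Verify:" layout, the sample plan, and all function names are assumptions made for this example. The point it demonstrates is the one the audit relies on: every command from the untrusted plan file is shown verbatim to a human reviewer before it runs, execution stops at the first rejected batch, and a failed verification check halts the plan instead of silently continuing.

```python
import os
import re
import subprocess
import tempfile
from dataclasses import dataclass, field
from typing import Callable, List, Optional, Tuple

# Constructed sample plan in a hypothetical format (not the skill's own):
# "## Batch N" starts a batch, "$ cmd" is an implementation step,
# "Verify: cmd" is a check that must exit 0 before the next batch may start.
SAMPLE_PLAN = """# Plan: add a greeting script

## Batch 1: create the script
$ printf '#!/bin/sh\\necho hello\\n' > "$WORK/greet.sh"
$ chmod +x "$WORK/greet.sh"
Verify: test -x "$WORK/greet.sh"

## Batch 2: run it
$ "$WORK/greet.sh"
Verify: "$WORK/greet.sh" | grep -q hello
"""


@dataclass
class Batch:
    title: str
    commands: List[str] = field(default_factory=list)
    verify: List[str] = field(default_factory=list)


def parse_plan(text: str) -> List[Batch]:
    """Split the plan into batches; commands outside a batch are ignored."""
    batches: List[Batch] = []
    for line in text.splitlines():
        heading = re.match(r"^##\s+(.*)", line)
        if heading:
            batches.append(Batch(heading.group(1).strip()))
        elif line.startswith("$ ") and batches:
            batches[-1].commands.append(line[2:].strip())
        elif line.startswith("Verify:") and batches:
            batches[-1].verify.append(line[len("Verify:"):].strip())
    return batches


def interactive_approve(n: int, batch: Batch) -> bool:
    """The review gate: print every command verbatim and ask before running."""
    print(f"--- Batch {n}: {batch.title}")
    for cmd in batch.commands:
        print("  $", cmd)
    for chk in batch.verify:
        print("  verify:", chk)
    return input("Run this batch? [y/N] ").strip().lower() == "y"


def run_plan(text: str, approve: Callable[[int, Batch], bool],
             env: Optional[dict] = None) -> List[Tuple[int, str]]:
    """Execute batches in order. Stops at the first rejected batch, failed
    command, or failed verification; returns a per-batch outcome log."""
    log: List[Tuple[int, str]] = []
    for n, batch in enumerate(parse_plan(text), 1):
        if not approve(n, batch):          # checkpoint: nothing runs unapproved
            log.append((n, "rejected"))
            return log
        for cmd in batch.commands:
            if subprocess.run(["sh", "-c", cmd], env=env).returncode != 0:
                log.append((n, f"command failed: {cmd}"))
                return log
        for chk in batch.verify:
            if subprocess.run(["sh", "-c", chk], env=env).returncode != 0:
                log.append((n, f"verification failed: {chk}"))
                return log
        log.append((n, "ok"))
    return log


def run_sample(plan: str = SAMPLE_PLAN,
               approve: Optional[Callable[[int, Batch], bool]] = None) -> List[Tuple[int, str]]:
    """Run a plan in a scratch directory; with no reviewer given, approve every batch."""
    with tempfile.TemporaryDirectory() as work:
        env = {"PATH": os.environ.get("PATH", "/usr/bin:/bin"), "WORK": work}
        return run_plan(plan, approve or (lambda n, b: True), env=env)


if __name__ == "__main__":
    print(run_sample(approve=interactive_approve))
```

Rejecting batch 2 leaves batch 1's results in place but never runs batch 2, and a verification that fails (for example, grepping for text the script does not print) halts the run with the failing check named in the log, which is the behaviour a reviewer should expect from "checkpoints between command batches".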
Audit Metadata
Risk Level
SAFE
Analyzed
May 10, 2026, 12:36 PM
Security Audit — agent-trust-hub — executing-plans