evanflow-executing-plans

Pass

Audited by Gen Agent Trust Hub on Apr 27, 2026

Risk Level: SAFE
Findings: COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill is designed to ingest and follow instructions from external plan files (e.g., located in docs/plans/), creating a surface for indirect prompt injection.
  • Ingestion points: Plan files loaded and reviewed in Step 1.
  • Boundary markers: Absent. No specific delimiters or instructions to ignore embedded commands within the plan are provided.
  • Capability inventory: The skill can execute various shell commands including compilers, linters, and test runners across multiple languages (TypeScript, Rust, Go, Python).
  • Sanitization: Absent. The skill relies on the agent's "critical review" rather than technical sanitization.
  • [COMMAND_EXECUTION]: The skill dynamically identifies and executes project-specific shell commands for typechecking, linting, and testing (e.g., pnpm typecheck, cargo clippy, pytest). While these are standard development tasks, the execution is based on instructions found in local project documentation (CLAUDE.md or README.md), which could be manipulated.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Apr 27, 2026, 11:33 AM