execplan-create
Pass
Audited by Gen Agent Trust Hub on Mar 18, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill possesses an indirect prompt injection surface because it processes untrusted user data to generate instructional content for an agent.
- Ingestion points: User-provided PRDs, RFCs, and problem statements are ingested as the primary source for plan generation in
SKILL.md. - Boundary markers: The skill lacks explicit boundary markers or instructions to the LLM to ignore or sanitize embedded commands within the input text.
- Capability inventory: The skill is capable of reading repository files and writing to the
.agent/directory within the target repository (SKILL.md). - Sanitization: No sanitization or validation of the input content is performed before it is drafted into the
execplan-pending.mdfile.
Audit Metadata