execplan-improve

Pass

Audited by Gen Agent Trust Hub on Mar 18, 2026

Risk Level: SAFE

PROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it ingests and processes untrusted data from the codebase to generate and rewrite execution plans.
    • Ingestion points: The skill reads .agent/execplan-pending.md, .agent/PLANS.md, and any source code files referenced or adjacent to the plan as described in Steps 1, 2, and 3 of SKILL.md.
    • Boundary markers: No explicit delimiters or boundary instructions are utilized to differentiate the analyzed code content from the skill's own operational logic.
    • Capability inventory: The skill possesses the capability to perform a file-read on arbitrary paths within the repository and worktree, and a file-write to rewrite the execution plan file as described in Step 5 of SKILL.md.
    • Sanitization: There is no evidence of sanitization, validation, or filtering of the content extracted from external files before it is incorporated into the rewritten execution plan.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 18, 2026, 02:58 PM