implement-execplan
Pass
Audited by Gen Agent Trust Hub on Mar 18, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is designed to read and execute instructions from an external file located at `.agent/execplan-pending.md` or a path specified by the user. This exposes the agent to indirect prompt injection risks, as instructions within these files are followed without validation.
  - Ingestion points: Reads instructions from `.agent/execplan-pending.md` or user-provided file paths.
  - Boundary markers: The skill does not define any boundary markers or instructions to ignore malicious commands embedded within the plan.
  - Capability inventory: The skill allows the agent to "implement" steps, which typically involves file system modifications, web searches, and potentially code execution.
  - Sanitization: There is no evidence of content sanitization or safety checks before the agent executes the steps in the plan.
- [COMMAND_EXECUTION]: The workflow encourages the agent to proceed autonomously without human intervention. The instruction to "make a reasonable decision and proceed" when uncertain and to use "best judgment rather than stopping to ask" when a step is ambiguous reduces the likelihood of the agent flagging malicious or dangerous commands during the execution of the plan.
Audit Metadata