execplan-create
Pass
Audited by Gen Agent Trust Hub on Apr 5, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill processes untrusted user inputs such as PRDs, RFCs, and brainstorming notes to generate execution plans, which represents an indirect prompt injection surface.
- Ingestion points: User-provided text requirements, PRDs, or RFCs defined in SKILL.md.
- Boundary markers: No specific delimiters or instructions to ignore embedded commands are specified for the input processing.
- Capability inventory: The skill is authorized to read files, search the repository, and write to the .agent/ directory (SKILL.md).
- Sanitization: No explicit sanitization of input content is described.
- [COMMAND_EXECUTION]: The authoring workflow requires the agent to inspect the repository to understand file structures and system complexity, which involves listing and reading local files. Additionally, the referenced PLANS.md mentions capabilities for the implementing agent to run the project and execute tests.
Audit Metadata