execplan-improve
Pass
Audited by Gen Agent Trust Hub on Apr 5, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection as it performs deep analysis of arbitrary source files and referenced paths within a codebase to rewrite an execution plan.
- Ingestion points: Reads content from .agent/execplan-pending.md, .agent/PLANS.md, and any source code file referenced in the plans (SKILL.md).
- Boundary markers: The skill lacks instructions for using delimiters or protective prompts to ignore potential instructions embedded in the processed code or plans.
- Capability inventory: The skill has read access to the entire codebase and write access to update execution plans at specific paths (SKILL.md).
- Sanitization: No sanitization or validation logic is defined to filter malicious instructions from the ingested files before they influence the plan's rewrite.
Audit Metadata