implement-execplan

Pass

Audited by Gen Agent Trust Hub on Apr 5, 2026

Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it treats external data as an authoritative instruction set.
      • Ingestion points: The skill reads instructions from .agent/execplan-pending.md and .agent/PLANS.md (SKILL.md).
      • Boundary markers: Absent. The instructions do not define delimiters or warn the agent to ignore potentially malicious instructions embedded within the execution plans.
      • Capability inventory: The skill allows the agent to modify the codebase and documentation and to run arbitrary 'validation steps', which typically involve shell command execution.
      • Sanitization: Absent. The agent is directed to treat the plan as an 'implementation contract' and use its judgment to fulfill the intended behavior without validating the safety of the steps described in the external file.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Apr 5, 2026, 05:37 PM