plan-task
Pass
Audited by Gen Agent Trust Hub on Jun 18, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it ingests untrusted plan data to drive its output logic.
- Ingestion points: The skill reads data from
{{PLAN_FILE}},progress.md, andtask.md(SKILL.md, Step 2). - Boundary markers: Absent. There are no delimiters or instructions provided to the agent to ignore potentially malicious commands embedded within the plan files.
- Capability inventory: The skill possesses the capability to create directories and write files (
task.md) based on the processed data. - Sanitization: No validation or filtering is performed on the ingested content before it is used to determine the next task's scope and instructions.
Audit Metadata