skills/haowjy/orchestrate/plan-task/Gen Agent Trust Hub

plan-task

Pass

Audited by Gen Agent Trust Hub on Jun 18, 2026

Risk Level: SAFEPROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it ingests untrusted plan data to drive its output logic.
  • Ingestion points: The skill reads data from {{PLAN_FILE}}, progress.md, and task.md (SKILL.md, Step 2).
  • Boundary markers: Absent. There are no delimiters or instructions provided to the agent to ignore potentially malicious commands embedded within the plan files.
  • Capability inventory: The skill possesses the capability to create directories and write files (task.md) based on the processed data.
  • Sanitization: No validation or filtering is performed on the ingested content before it is used to determine the next task's scope and instructions.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 18, 2026, 11:26 AM
Security Audit — agent-trust-hub — plan-task