executing-plans
Fail
Audited by Gen Agent Trust Hub on Apr 6, 2026
Risk Level: HIGHCOMMAND_EXECUTIONEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: In 'agentic' mode, the skill is instructed to execute all tasks and steps from an external plan file sequentially without stopping for human feedback. This allows for the execution of malicious shell commands if they are provided in the plan content.
- [EXTERNAL_DOWNLOADS]: The skill permits autonomous installation of missing dependencies (under 50KB) in 'agentic' mode, potentially leading to the installation of malicious software from untrusted sources.
- [REMOTE_CODE_EXECUTION]: The skill follows implementation steps from an external plan file and runs verifications, effectively performing remote code execution based on untrusted runtime data.
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection by processing external plan files and metadata checkpoints without sanitization or boundary markers while possessing high-privilege capabilities. Evidence: 1. Ingestion points: plan files from '--plan' or 'read_file'. 2. Boundary markers: Absent. 3. Capability inventory: 'read_file', 'replace', dependency installation, subagent dispatch. 4. Sanitization: Absent.
Recommendations
- AI detected serious security threats
Audit Metadata