Skills
skills/itallstartedwithaidea/agent-skills/executing-plans/Gen Agent Trust Hub

executing-plans

Pass

Audited by Gen Agent Trust Hub on Apr 12, 2026

Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill is designed to execute shell commands specified in the verification field of each plan step. This core functionality allows for arbitrary system command execution, as seen in the run_verification method in SKILL.md.
  • [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface by processing and acting upon external plan specifications.
  • Ingestion points: The plan object provided to the PlanExecutor class in SKILL.md.
  • Boundary markers: The implementation lacks explicit delimiters or instructions to the agent to disregard potentially malicious instructions embedded within the plan data.
  • Capability inventory: The skill can execute subprocesses via run_verification, modify file system content via apply_change, and restore files via restore_file in SKILL.md.
  • Sanitization: There is no evidence of validation or sanitization for the verification commands or plan steps defined in the input data.
Audit Metadata
Risk Level
SAFE
Analyzed
Apr 12, 2026, 07:04 PM