implement-plan

Pass

Audited by Gen Agent Trust Hub on Jul 3, 2026

Risk Level: SAFE [COMMAND_EXECUTION] [PROMPT_INJECTION]
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes shell commands defined in plan artifacts, specifically within verification blocks, such as 'npm test', 'grep', or 'test -f'. It also runs project-defined standing gates, such as linting or type-checking scripts, as defined in the 'Commit Policy' section.
  • [PROMPT_INJECTION]: The skill processes 'plan.md' artifacts as instructions, creating a surface for indirect prompt injection.
      • Ingestion points: Plan files located in 'docs/threads/' lineages (e.g., 'plan.md').
      • Boundary markers: Absent; the agent is instructed to follow steps 'literally' or 'infer' them from objectives without safety delimiters.
      • Capability inventory: Modification of repository source code, execution of arbitrary shell commands through plan tasks or project scripts, and automated git commits.
      • Sanitization: No validation or sanitization of the commands or instructions within the plan artifacts is performed prior to execution.
Audit Metadata
Risk Level: SAFE
Analyzed: Jul 3, 2026, 07:05 AM