implement-plan
Pass
Audited by Gen Agent Trust Hub on Jul 3, 2026
Risk Level: SAFE
COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes shell commands defined in plan artifacts, specifically within verification blocks such as 'npm test', 'grep', or 'test -f'. It also runs project-defined standing gates, such as linting or type-checking scripts, as part of the commit policy defined in the 'Commit Policy' section.
- [PROMPT_INJECTION]: The skill processes 'plan.md' artifacts as instructions, creating a surface for indirect prompt injection.
  - Ingestion points: Plan files located in 'docs/threads/' lineages (e.g., 'plan.md').
  - Boundary markers: Absent; the agent is instructed to follow steps 'literally' or 'infer' them from objectives without safety delimiters.
  - Capability inventory: Modification of repository source code, execution of arbitrary shell commands through plan tasks or project scripts, and automated git commits.
  - Sanitization: No validation or sanitization of the commands or instructions within the plan artifacts is performed prior to execution.
Audit Metadata