executing-plans
Pass
Audited by Gen Agent Trust Hub on Jun 22, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is designed to ingest and execute instructions from external plan files, which presents a surface for indirect prompt injection.
- Ingestion points: The process begins by reading an external plan file as specified in Step 1 of the skill instructions.
- Boundary markers: The skill does not define specific delimiters or instructions to the agent to ignore potentially malicious embedded commands within the plan file.
- Capability inventory: The skill directs the agent to follow plan steps exactly, which can involve any tools available to the agent, including command execution and file modification.
- Sanitization: No explicit sanitization or validation of the plan content is performed; the skill relies on the agent's critical review and human intervention to identify concerns.
Audit Metadata