executing-plans

Pass

Audited by Gen Agent Trust Hub on Jun 22, 2026

Risk Level: SAFEPROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill is designed to ingest and execute instructions from external plan files, which presents a surface for indirect prompt injection.
  • Ingestion points: The process begins by reading an external plan file as specified in Step 1 of the skill instructions.
  • Boundary markers: The skill does not define specific delimiters or instructions to the agent to ignore potentially malicious embedded commands within the plan file.
  • Capability inventory: The skill directs the agent to follow plan steps exactly, which can involve any tools available to the agent, including command execution and file modification.
  • Sanitization: No explicit sanitization or validation of the plan content is performed; the skill relies on the agent's critical review and human intervention to identify concerns.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 22, 2026, 04:39 PM
Security Audit — agent-trust-hub — executing-plans