validate-plan
Pass
Audited by Gen Agent Trust Hub on Apr 26, 2026
Risk Level: SAFE
PROMPT_INJECTION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
- [PROMPT_INJECTION]: The skill possesses a surface for indirect prompt injection as it processes external, untrusted content to guide its evaluation logic.
  - Ingestion points: The agent is instructed to read technical specifications from 'docs/specs/{feature-name}-spec.md' and scan implemented source code in the feature branch (SKILL.md, Phase 2).
  - Boundary markers: No explicit delimiters or guardrail instructions are provided to the agent to distinguish between data and instructions within these external files.
  - Capability inventory: The skill has the ability to execute shell commands ('npm test'), perform git operations, and write new files to the 'docs/validation/' directory (SKILL.md, Phases 3, 5, and 6).
  - Sanitization: The skill lacks mechanisms to sanitize or validate the content of the specifications or code before the agent interprets them to verify alignment or suggest fixes.
- [COMMAND_EXECUTION]: The skill requires the execution of shell commands to perform its core functions.
  - Evidence: The workflow includes running 'npm test', 'npm run test:coverage', and 'git' commands to switch branches and verify the implementation (SKILL.md, Phases 1 and 3).
- [EXTERNAL_DOWNLOADS]: The skill involves downloading external software packages during the environment setup.
  - Evidence: Phase 1 of the workflow involves installing and updating project dependencies from official package registries (SKILL.md, Phase 1).
Audit Metadata