implementation-planning

Pass

Audited by Gen Agent Trust Hub on May 7, 2026

Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
  • [INDIRECT_PROMPT_INJECTION]: The skill processes potentially untrusted design documents to generate implementation tasks, creating a surface for indirect prompt injection.
      • Ingestion points: Design documents (e.g., docs/designs/.md) are read in SKILL.md (Step 1) and processed to extract technical requirements.
      • Boundary markers: None identified. The skill does not instruct the agent to use specific delimiters or ignore embedded instructions within the design files.
      • Capability inventory: The skill executes exarchos_orchestrate and exarchos_workflow actions (in SKILL.md) which perform local filesystem operations and state management.
      • Sanitization: None identified. Content extracted from design documents is used directly in task generation and plan summaries.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: May 7, 2026, 04:36 AM
Security Audit — agent-trust-hub — implementation-planning