executing-plans
Pass
Audited by Gen Agent Trust Hub on May 16, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [INDIRECT_PROMPT_INJECTION]: The skill loads and reviews external implementation plans, which represent an ingestion point for untrusted instructions.
- Ingestion points: Plan files are read and reviewed in SKILL.md (Step 1: Load and Review Plan).
- Boundary markers: Absent. The skill instructions do not provide delimiters or warnings for the agent to distinguish between the plan's instructions and system guidelines.
- Capability inventory: The skill permits the agent to execute tasks, run verifications, and perform Git operations through integrated skills like 'finishing-a-development-branch', creating a high-privilege environment for potential plan-based exploits.
- Sanitization: Absent. There are no instructions to validate or sanitize the contents of the plan file before the agent begins implementation steps.
Audit Metadata