batch-plan-execute

Pass

Audited by Gen Agent Trust Hub on Apr 9, 2026

Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill is designed to trigger and manage code execution through subagents. It instructs subagents to implement plans and run repository validation tools such as tests, linters, and build commands. The workflow ensures that implementation only occurs after an explicit 'execute' command from the user.
  • [EXTERNAL_DOWNLOADS]: The README documentation provides installation instructions using npx skills add to fetch the skill from the author's (micooz) repository. This is the standard mechanism for skill distribution on the supported platform.
  • [PROMPT_INJECTION]: The skill processes external, potentially untrusted requirement documents and plan files which could contain malicious instructions (Indirect Prompt Injection). The skill includes logic to mitigate this by stripping HTML comments from input sources before processing, though the inherent risk remains due to the skill's high-privilege capabilities (file writing and subagent spawning).
      • Ingestion points: requirement documents (e.g., requirements.md), user chat text, and existing plan files (plans/*.md).
      • Boundary markers: Instructs the agent to ignore HTML comments outside of fenced code blocks.
      • Capability inventory: Writing to the local filesystem and spawning subagents with execution permissions in the repository context.
      • Sanitization: Implements automated preprocessing to filter out commented content from the input stream.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 9, 2026, 03:06 AM