stress-testing-plans
Pass
Audited by Gen Agent Trust Hub on Jul 4, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [SAFE]: The skill implements a conversational logic to analyze user plans through a decision tree. Its primary operations involve reading repository metadata and documentation to assist the user, which is consistent with its stated purpose.
- [PROMPT_INJECTION]: The skill instructions require the agent to read and incorporate information from the repository, such as documentation, tests, and configuration files. This creates an indirect prompt injection surface where adversarial content stored within the project repository could potentially manipulate the agent's logic or recommendations during the interview process.
- Ingestion points: SKILL.md (Step 2 of Operating Loop: reading relevant files, searching callers/config/docs, and inspecting tests or commands)
- Boundary markers: None explicitly defined in the instructions to separate repository content from the system prompt.
- Capability inventory: File read, repository search.
- Sanitization: No explicit sanitization of repository content before interpolation into the agent's context.
Audit Metadata